Compliance
Ballast compliance and certifications.
Ballast is designed to support enterprise compliance requirements.
Current Status
SOC 2 Type II
SOC 2 Type II certification is planned. Contact us for our current security documentation.
GDPR
Ballast supports GDPR compliance:
- Data minimization - Only index what you configure
- Right to deletion - Delete sources and data via API
- Data portability - Export your data
- Access controls - Fine-grained permissions
HIPAA
HIPAA compliance requires a Business Associate Agreement (BAA) and additional configuration.
Contact us for HIPAA-compliant deployments.
Self-Hosting for Compliance
Enterprise customers requiring strict compliance often self-host:
Benefits:
- Data never leaves your infrastructure
- Full control over encryption keys
- Custom retention policies
- Network isolation
Supported:
- Air-gapped deployments
- Private cloud (AWS, GCP, Azure)
- On-premises
See Self-Hosting for setup instructions.
Data Residency
Cloud Service
The managed Ballast service stores data in:
- United States (primary)
Contact us for regional deployment options.
Self-Hosted
Self-hosted deployments give you full control over data residency. Deploy in any region.
Audit Logging
Ballast logs:
- API access with user/key identification
- Authentication events
- Configuration changes
- Sync operations
Self-hosted deployments can configure log destinations and retention.
Penetration Testing
We conduct regular security assessments. Contact us for:
- Latest penetration test results
- Security questionnaire responses
- Architecture documentation
Contact
For compliance questions or documentation requests:
- Email: security@ballast.sh
- Enterprise inquiries: sales@ballast.sh