# Compliance

Validia is built with enterprise-grade compliance in mind. Our infrastructure, consent model, and data handling practices are aligned with major privacy frameworks, including SOC 2, GDPR, CCPA, and biometric-specific laws across U.S. states.

***

### SOC 2

* **SOC 2 Type I**: Completed
* **SOC 2 Type II**: In progress
* **Audited by**: Independent third-party security firm
* **Scope**: Covers security, availability, and confidentiality controls across our systems

***

### GDPR & CCPA

Validia supports full compliance with major global and U.S. privacy regulations:

* **GDPR**
  * Data subject rights: Access, correction, and deletion requests honored
  * Data minimization and purpose limitation enforced
  * Optional data residency available for enterprise customers
* **CCPA / CPRA**
  * Clear opt-in/opt-out workflows for sensitive data like biometrics
  * Transparent disclosures on data collection and use
  * No sale or unauthorized sharing of personal data

***

### Biometric Privacy

Validia is designed to comply with biometric privacy regulations such as BIPA and sets a high standard for biometric data protection:

* **Explicit consent** is required and documented before any biometric data is processed
* **No biometric data** is stored long-term, displayed, or used for any purpose other than real-time authentication
* **Users can decline participation** and still proceed via alternate verification methods, unless restricted by the requesting organization

***

### Biometric Compliance by State

Validia’s platform is structured to meet state-specific biometric privacy laws across the U.S.:

#### California (CCPA/CPRA)

* Informed notice and consent presented during onboarding
* Users may opt out of biometric authentication at any time
* No data is retained without explicit permission

#### Illinois (BIPA)

* Written, dual-checkbox consent captured prior to biometric processing
* Clear disclosures on purpose, usage, and retention
* No biometric data processed without affirmative opt-in

#### Texas & Washington

* Notice and explicit consent required before biometric data use
* Fulfilled via onboarding email and in-app consent form

#### Colorado, Connecticut, and Others

* Supports opt-out for biometric and profiling data
* All consent events are logged and auditable
* Alternate verification methods offered for users who decline

***

### Trust Center

For real-time updates on our compliance status, third-party attestations, and internal policies, visit our Trust Center.

🔗 [Validia Trust Center](https://app.drata.com/trust/9f93ff30-26df-4321-bfe2-11f59883aac1)

