> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cassidyai.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Compliance

> Cassidy's compliance certifications: SOC 2 Type II, HIPAA, GDPR, CCPA, and CASA.

## SOC 2 Type II

Cassidy has completed a SOC 2 Type II audit covering security, availability, processing integrity, confidentiality, and privacy. The audit is performed by an independent third party and renewed on a regular cycle. Request the report through the [Trust Center](https://trust.cassidyai.com/).

## HIPAA

Cassidy is HIPAA compliant. Organizations that handle protected health information can request a Business Associate Agreement (BAA). Contact [support@cassidyai.com](mailto:support@cassidyai.com) to get a BAA in place before onboarding.

## GDPR

Cassidy complies with the GDPR. Data Processing Agreements (DPAs) are available for any organization that needs one. Contact [support@cassidyai.com](mailto:support@cassidyai.com) to request a DPA or exercise data subject rights.

## CCPA

Cassidy complies with the CCPA. Cassidy does not sell personal information. Contact [support@cassidyai.com](mailto:support@cassidyai.com) to exercise any CCPA rights.

## CASA

Cassidy holds a Cloud Application Security Assessment (CASA) certification, which validates secure handling of cloud API integrations including Google Drive.

***

For audit reports, DPAs, BAAs, and sub-processor lists, visit the [Trust Center](https://trust.cassidyai.com/).