Compliance posture
| Framework | Enclave status | Notes |
|---|---|---|
| SOC 2 Type II | ✓ Compliant | Report available under NDA |
| ISO 27001 | ✓ Certified | Certificate available on request |
| GDPR | ✓ Compliant | DPA available |
| HIPAA | ✓ BAA available | Business Associate Agreement on request |
| DPDP Act 2023 | ✓ Compliant | India data residency supported |
| IT Act 2000 | ✓ Compliant | |
| FedRAMP | In progress | — |
| Cyber Essentials | ✓ Certified |
SOC 2 Type II
Enclave undergoes annual SOC 2 Type II audits covering:- Security — access controls, encryption, vulnerability management
- Availability — uptime SLAs, incident response
- Confidentiality — data classification, key management
GDPR
Enclave’s zero-knowledge architecture directly supports GDPR obligations:- Data minimisation — Quelden processes only metadata, never plaintext content
- Right of erasure — deleting a room destroys the KEK, permanently rendering all files unreadable
- Data residency — EU-region deployments available; data does not leave your selected region
- Sub-processors — full list available in the DPA
HIPAA
Enclave is HIPAA-eligible. For covered entities and business associates:- AES-256-GCM encryption satisfies the HIPAA Security Rule encryption standard
- Audit logs satisfy access logging requirements (§164.312(b))
- BYOK/HYOK ensures ePHI keys are controlled by the covered entity
- A Business Associate Agreement (BAA) is available on request
Data residency
| Region | Available |
|---|---|
| India (Mumbai) | ✓ |
| EU (Frankfurt) | ✓ |
| US East (Virginia) | ✓ |
| US West (Oregon) | ✓ |
| Singapore | ✓ |
| Custom (private cloud) | ✓ |
Generating compliance reports
Enclave can generate compliance reports for internal use or auditor submission:- Navigate to Reports → Compliance
- Select the framework (SOC 2, ISO 27001, GDPR, HIPAA, etc.)
- Set the reporting period
- Click Generate — the report is produced as a signed PDF