Compliance

Meet the audits and frameworks your firm operates under.

Codexroom carries the compliance posture an enterprise procurement team needs. The detail below covers PDPA, GDPR, CCPA, the DPA, SOC 2, and HIPAA.

PDPA

Personal Data Protection Act 2012, Singapore.

Codexroom Pte. Ltd. is registered in Singapore and processes personal data under the Personal Data Protection Act 2012 and the Personal Data Protection Commission's advisory guidelines. The Data Protection Officer is reachable at dpo@codexroom.com. Cross-border transfers of personal data sit under PDPA Section 26 with contractual safeguards on every subprocessor relationship.

GDPR and UK GDPR

EU and UK data subjects.

Codexroom handles personal data under the EU GDPR and the UK GDPR for EU and UK customers and recipients. The Data Processing Agreement is bundled with every Enterprise contract and is available on request for Growth customers. International transfers are governed by the EU Standard Contractual Clauses and the UK addendum.

CCPA / CPRA

California data subjects.

Codexroom handles personal information of California residents under the California Consumer Privacy Act and the California Privacy Rights Act. Codexroom does not sell personal information. Verifiable consumer requests run through the same dpo@codexroom.com address as PDPA and GDPR requests.

SOC 2

Type II audit closes Q4 2026.

A SOC 2 Type II audit is underway, with the report due in Q4 2026. Until then, Codexroom ships a security white paper that mirrors the SOC 2 controls.

Data Processing Agreement

Standard DPA on every plan.

The standard DPA is based on the EU Standard Contractual Clauses with the UK addendum and the PDPA cross-border transfer model clauses. It includes the subprocessor list, the data categories, the security measures, and the breach notification protocol.

HIPAA

Marketing and commercial workflows only.

Codexroom is suitable for marketing and commercial workflows in life sciences. We do not currently sign Business Associate Agreements for protected health information. Life sciences customers handling PHI should keep PHI off the platform.

Other frameworks

ISO 27001 on the roadmap for 2027.

ISO 27001 is on the roadmap for 2027. The MAS Technology Risk Management Guidelines have been reviewed for Singapore-regulated customers. Regional certifications (Cyber Essentials Plus, FedRAMP) are considered on demand from Enterprise customers.

See it work

Request a compliance pack.