thedevstockgirl • 14mo ago

SOC 2, GDPR and HIPAA.

I see some comments on the 2023 year-end article that these are coming this year. Is there an ETA? Or a public roadmap on these? Thank you.
16 Replies
james • 14mo ago
We're waiting to hear back from the auditors to fully wrap up SOC-2 but all the work is done and it should be ready very soon, hopefully in a couple of weeks. We don't have a public timeline on GDPR and HIPAA but we'll start on these right after SOC-2. Let us know if you have any particular timeline constraints!
thedevstockgirl (OP) • 14mo ago
Ok. Thanks James. Will reach out.
jamwt • 14mo ago
@thedevstockgirl update: SOC 2 type 1 is done! moving onto GDPR now
thedevstockgirl (OP) • 14mo ago
Thanks for the update @jamwt. That's great to hear. We are on the Supabase team plan with HIPAA add-on, and hoping that we are able to get something similar soon with Convex. This is critical for any type of healthcare application. Will a 1 - 2 months time be feasible for HIPAA? Our migration has been going well, and the small dev team handling this are fans. But without HIPAA compliance, that rollout will be in beta for a while. Per Supabase release note on HIPAA, "Going from zero to a SOC2 certification was much harder, than going from SOC2 to HIPAA", so hoping that is going to be the case here too.
jamwt • 14mo ago
Yep. We hear the gap from SOC 2 to GDPR and HIPAA is pretty small. On timeline, I don't know today. But I hope to follow up soon with better estimates.
thedevstockgirl (OP) • 14mo ago
Ok. Great. Will follow this thread and your site for updates on this. Thank you.
jamwt • 14mo ago
No problem! Thanks for the patience. I'd also love to jump on a call sometime and hear more about your project if you're up for it!
thedevstockgirl (OP) • 14mo ago
For sure. We might be up for it. I'll let you know.
FleetAdmiralJakob 🗕 🗗 🗙
+1 for GDPR, would love to see it since I live in the EU
Rob • 13mo ago
+1 on HIPAA. I'm creating an app for the healthcare space and would love to use Convex. @jamwt any update on estimated timelines for HIPAA compliance? Bumping @jamwt
jamwt • 13mo ago
we have a gap analysis from the firm that did our SOC 2, and there aren't too many items on it. I'd estimate May
Rob • 13mo ago
Thank you for the update! Looking forward to it 🙂
jamwt • 8mo ago
thedevstockgirl (OP) • 8mo ago
That's super awesome to hear. 🎉🎉🎉 Thank you. Convex to the moon. 🌙
Maksym Liamin • 3mo ago
Where can I find the BAA to sign with you guys to get the HIPAA compliance for our account? There is no link to it or guideline on your security page: https://www.convex.dev/security
jamwt • 3mo ago
Hi! Create a support ticket in the dashboard and myself and our CISO will take care of it.
