SOC 2 Type II
Independently audited against the SOC 2 Type II trust service criteria. Request the current report by emailing privacy@gleap.io.
GDPR
GDPR-compliant processing with a public Data Processing Addendum, Standard Contractual Clauses for third-country transfers, and a documented sub-processor list.
EU data residency
Gleap is hosted in the European Union (Frankfurt). US data residency is available on the Enterprise plan.
DORA vendor readiness
Vendor information for financial entities regulated under DORA: Register of Information data, Article 30 mapping, and due-diligence support.
Encryption & security controls
Technical and organizational measures per Art. 32 GDPR: encryption, access controls, availability, resilience, and recoverability.
HIPAA BAA
A Business Associate Agreement is available on the Enterprise plan for customers subject to HIPAA.