Compliance certifications, regulations and security
BunnyDoc understands that protecting privacy requires a comprehensive security programme. We conducted a thorough study and developed a resources page with detailed information regarding GDPR and how BunnyDoc is compliant.
ESIGN and UETA compliance
BunnyDoc conforms to the standards of the Electronic Signatures in Global and National Commerce Act (ESIGN) and the Uniform Electronic Transactions Act (UETA), giving customers across all industries and verticals the ability to manage and sign their documents electronically.
21 CFR Part 11
BunnyDoc’s organisational features and functionality help our clients fulfil their obligations under 21 CFR Part 11. These functions include document history retention, two-factor authentication, session duration limits and timeouts due to inactivity, eSignature timestamps, and digital certifications.
PCI DSS certification
For payment collection, we work with a third party, Stripe. Stripe takes the protection of consumer data, privacy, and security extremely seriously.
Data centre locations are carefully selected to mitigate environmental risks like flooding, extreme weather, and seismic activity. AWS provides physical data centre access only to approved employees. All employees who need data centre access must first apply for access and provide a valid business justification. Access requests are approved based on the principle of least privilege, requiring individuals to specify the desired data centre layer, and imposing time restrictions. Access to data centres is regularly reviewed. Access is automatically revoked when an employee’s record is terminated in Amazon’s HR system.