Data Security and Privacy Compliance

The processes and systems necessary to develop, operate, and maintain Thunderhead are designed to comply with globally recognized best practices and regulations for data security and privacy.

Privacy Shield

Thunderhead complies with the U.S.-EU and Swiss-U.S. Privacy Shield framework, as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of personal information from European Union member countries and Switzerland.

Learn more


Privacy Shield

GDPR Compliant

Thunderhead is committed to the privacy of your data and providing services that enable compliance with GDPR. Read our FAQs to find out more.

ISO 27001 Certified

Thunderhead is committed to information security and maintains certification to ISO 27001 the International Standard for Information Security Management. This covers requirements for information security management systems, providing a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process. 

Learn more


ISO27001 Certified


As a Service Organization Control (SOC) 2 Type 1 certified company, Thunderhead’s operations are independently audited against the attestation standards established by the American Institute of Certified Public Accountants (AICPA). The SOC 2 report provides assurance that we have suitable and effective controls for managing customer data and complies with the SOC 2 trust principles for Security, Confidentially, and Availability.


Health Insurance Portability and Accountability Act (HIPAA)

Thunderhead supports compliance with the Health Insurance Portability and Accountability Act (HIPAA) security and privacy standards governing the use and disclosure of sensitive protected health information (PHI).
Compliance with HIPAA provides assurance that proper and continual measures are taken to protect PHI and enables HIPAA-regulated customers to use Thunderhead’s services to securely process PHI.