Trust Center

Blackpoint Cyber is committed to maintaining robust security controls to keep our company and products secure – that’s why Fortune 500 companies trust us with their data. Nothing is left to chance in our security, compliance, and privacy programs, which incorporate industry standards and best practices to protect corporate and customer data.

Compliance Certifications and Memberships

  • Security Compliance

    SOC 2: We undergo an annual SOC 2 Type 2 external audit. This report is available on request upon execution of a Mutual Non-Disclosure Agreement (MNDA).

    Read our most recent SOC 2 Type 2 report here.

  • Privacy

    US State Privacy Laws

    Blackpoint Cyber does not meet the conditions as outlined in Section 1798.140 of the California Consumer Privacy Act of 2018 (CCPA) and therefore is not subject to CCPA requirements. Blackpoint Cyber also does not meet the eligibility conditions outlined in the Virginia Consumer Data Protection Act, Colorado Privacy Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act, Oregon Consumer Privacy Act, Florida Digital Bill of Rights, or Texas Data Privacy and Security Act and therefore is not subject to the requirements of these laws.

    Recognizing the criticality of data privacy in today’s world, we invite our customers to review the information below to learn more about the organizational and technical measures in place to ensure privacy is integrated into our products, services, and operations.

    General Data Protection Regulation (GDPR)

    The European Union’s General Data Protection Regulation (GDPR) came into effect on May 25, 2018, and became effective in the UK post-Brexit on January 1, 2021. With a reputation for being one of the toughest data privacy and security laws in the world, it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EEA or UK respectively.

    Blackpoint Cyber acts as a data processor for our MSP partners, who in turn act as data controllers and are responsible for determining Blackpoint Cyber’s purposes and means of processing personal data in compliance with GDPR.

    For additional information on how Blackpoint Cyber complies with GDPR, the implemented organizational and technical measures, as well as our list of subprocessors, download our GDPR Statement, Subprocessor List, or request our Data Processing Addendum (DPA).

    You can review and execute Blackpoint Cyber’s DPA by contacting the privacy team. Blackpoint Cyber’s DPA covers the specific processing activities and security measures applicable to our Services and incorporates the new EU Standard Contractual Clauses (EU SCCs).

    Blackpoint Cyber will make updates to the subprocessor list via the published Subprocessor List, which will be accessible via our Trust Center. Such changes will be reflected in our Data Protection Addenda (DPA). Our customers who subscribe below will be alerted to changes in the Subprocessor List.

    Objecting to a Subprocessor

    You may object to a subprocessor by emailing your objection to [email protected] with the subject line “Subprocessor Objection,” along with your name, your company’s name, the name of the subprocessor, and grounds for objection.

  • Industry-based Compliance

    HIPAA 

    To serve our partners in the healthcare industry, who need to ensure compliance with the US Health Insurance Portability and Accountability Act (HIPAA), Blackpoint Cyber has drafted a standard Business Associate Agreement (BAA), available upon request, which demonstrates our commitment to ensuring data security and data privacy in accordance with HIPAA.

    PCI-DSS 

    Blackpoint Cyber does not play a role in the payment card processing lifecycle. Payment processing is handled by our partner, Stripe. 

Subscribe to receive updates
