
Compliance and Certifications

PAR believes in transparency. Below is a comprehensive overview of the audits, standards, and legal frameworks that validate our commitment to data security and privacy.

System Audits and Controls

SOC Type 2

A SOC Type 2 report is a private report attesting that a company has internal controls in place for security, confidentiality, processing integrity, privacy, and availability of customer data. The audit takes place over a period of time, usually several months.

The SOC 2 Type 2 report is not available to the general public. Customers who need a copy of our SOC 2 Type 2 report for compliance or security assessment purposes may request one after executing a non-disclosure agreement (NDA).

SOC Type 3

Our SOC 3 report confirms we've maintained a secure and reliable control environment for all our services. This publicly available report assures customers that we've met the highest standards for security. It demonstrates our commitment to protecting your data with a strong control framework.

The SOC Type 3 report involves the same rigorous testing of an organization's security controls as the SOC Type 2 report, but produces a public-facing report with macro descriptions.


Payment Security

PCI DSS

To protect your payment information, we strictly adhere to the Payment Card Industry Data Security Standard (PCI DSS). This means we encrypt all cardholder data and use secure firewalls to protect against unauthorized access. We regularly monitor our systems to ensure the highest level of security.

VikingCloud Trusted Commerce

The VikingCloud Trusted Commerce seal is our promise to you that our website and your personal data are protected by the highest industry-standard security. You can browse, purchase, and access resources with confidence, knowing that your sensitive information is handled with the utmost care. 


Our Commitment to Privacy

HIPAA

We are committed to the security of all protected health information (PHI) and comply with all aspects of the Health Insurance Portability and Accountability Act (HIPAA). Our systems and protocols are designed to ensure the confidentiality, integrity, and availability of all data. We've implemented robust administrative, physical, and technical safeguards to protect your information at every stage. This commitment gives our customers peace of mind, knowing that their data is handled with the utmost care.

GDPR

The security of psychological data is our highest priority, and we have built our platform with General Data Protection Regulation (GDPR) principles at its core. We serve as a 'data processor' for your client information, meaning we provide the secure infrastructure for you, the 'data controller', to meet your own privacy obligations. We are committed to upholding the data protection principles of lawfulness, fairness, transparency, and data minimization as defined by the GDPR.


Student & Educational Data Privacy

We understand that when our products are used in educational settings, a different set of privacy needs and legal requirements apply. We are committed to protecting the privacy and security of student data. Our compliance with the following standards ensures that educational records and information are handled with the highest level of care.


SOPIPA

The Student Online Personal Information Protection Act (SOPIPA), a California law, prevents using student data for targeted advertising and requires specific security protections. We adhere to these standards.

FAQ

Below are questions and answers with further details about our compliance and certification standards. 

What other protections does PAR offer?

PAR values our customers and offers protections such as meeting the Payment Card Industry Data Security Standard (PCI DSS). Our website has been vetted by VikingCloud Trusted Commerce, meaning you’re protected by the highest industry-standard security. PAR also meets the standards for HIPAA and FERPA compliance.

Why are SOC 2 and SOC 3 certifications important?

These certifications are important for several reasons. They indicate PAR adheres to stringent security and privacy practices, meaning your information and data are protected and safe. They also demonstrate a commitment to risk management and to data security.

What is your approach to HIPAA compliance? 

As a company that handles potentially protected health information (PHI), we are fully compliant with HIPAA. We have implemented technical, administrative, and physical safeguards to ensure the confidentiality, integrity, and availability of all data.  

Do you comply with other regional or state-specific laws?

Yes, we are committed to adhering to all relevant state laws, including California’s SOPIPA and New York’s SHIELD Act. We continually monitor the legal landscape to ensure our practices remain compliant with emerging privacy legislation.  

Are your services FERPA and COPPA compliant? 

Yes, our services are designed to be compliant with FERPA and COPPA, which are crucial for our customers in educational settings. We have strict policies in place to protect the privacy of student data and to ensure we obtain parental consent when required by law.