Compliance & Certifications

List of all compliances and certifications applicable to CleverTap


CleverTap is committed to complying with regulations for account security and here's a list of all regulatory compliances and certifications applicable to CleverTap along with a detailed description.


CCPACCPA - Compliant
COPPACOPPA - Compliant
GDPRGDPR - Compliant
HIPAAHIPAA - Compliant
IS0 27001:2013IS0 27001:2013 - Compliant & Certified
SOC 2 Type 2SOC 2 Type 2 - Compliant & Certified
Safe to HostSafe to Host - Certified

How CleverTap complies


California Consumer Privacy Act (CCPA) is a state-wide data privacy law that regulates how businesses all over the world manage the personal information of California residents.

CleverTap complies by:

Providing an AWS data center locally to keep the data within the USA. For more information regarding compliance, see CleverTap CCPA.


Children’s Online Privacy Protection Act (COPPA), enforced by the Federal Trade Commission (FTC) in the US, outlines all measures that must be undertaken by website operators, marketers, and other providers of online services to protect online safety and privacy of minors.

CleverTap complies by :

  1. Ensuring that data sent about children below 13 years is done with the consent of the parent/guardian.
  2. Providing the ‘opt-out’ handle on the SDK which can be used by the customers to not send data to CleverTap in case of no consent by the users.


The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals who live in the European Union (EU).
CleverTap is GDPR compliant.


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that was created to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.

CleverTap is HIPAA compliant because we are listed as a Business Associate.

Renewable Certifications

ISO/IEC 27001:2013

ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization.

ISO Certification is renewed every 4 years subject to a surveillance audit passed every year. CleverTap complies by being ISO/IEC 27001:2013 certified.

SOC 2 Type 2

A System and Organization Controls (SOC-2) audit report provides detailed information and assurance about a service organization’s security, availability, processing integrity, confidentiality, and/or privacy controls, based on their compliance with the Trust Services Criteria (TSC) of the American Institute of Certified Public Accountants (AICPA).

SOC 2 Type 2 certification is renewed every year. As a service organization, CleverTap is SOC-2 certified and maintains strict internal controls over the information system that it provides to its users.

Safe to Host

We conduct external Vulnerability Assessment and Penetration Testing (VAPT) every quarter to ensure that our platform is free from vulnerability or threats. The Safe to Host certificate attests that VAPT is periodically conducted and that our platform is free of any potential vulnerabilities.

View CleverTap Compliance and Certifications

  1. Select Organization > Compliance and Certifications.
    This page lists the CleverTap compliance and certifications.

CleverTap Compliances

  1. Select the Certifications tab.
    This page lists the certificates of compliance that CleverTap adheres to.
    You may download the compliance certificate if required.

CleverTap Compliances and Certifications

  1. If you want to view a certificate, click download and agree to the Confidential Information terms and conditions.

Confidential Information