Zact Certifications and Accreditations

Zact is committed to building trust with our customers by aligning our privacy practices with industry-standard certifications and accreditations. To that end, we have maintained current certifications in the following:

SOC 1 Types I and II    
Since 2020
SOC 2 Types 1 and II  
Since 2020
PCI DSS                          
Since 2020
GDPR  
Expected 12/2022                      
CCPA
Expected 12/2022                      

SOC 1 Type II    
SOC 2 Type II  
PCI DSS                          
GDPR compliant                              
CCPA compliant           

Since 2020
Since 2020
Since 2020
Since 2024
Since 2024

Zact certifications

Zact understands how valuable customer data is and what it takes to keep it safe and protected. This extensive list of certifications is a testament to our dedication to data security and privacy. Consider what it implies if your vendor doesn’t offer these certifications at all - a serious risk that you need to consider during any due diligence analysis. Strictly speaking, there’s no requirement for any vendor pass these tests–clients and prospects must insist upon it.

SOC2
Since 2020
PCI
Since 2020
ccpa
Expected 12/2021*
GDPR
Expected 12/2021*

What do these certifications mean?

SOC2
SOC 1
Service Organization Control 1(SOC 1) is designed for financial transaction processing. It is primarily used to validate controls over the completeness and accuracy of monetary transactions and financial statement reporting. Type I tests controls at a point in time and Type II test them over a period of time.
Find out more here
arrowSOC2
SOC 2
SOC2 is designed to certify the security, processing integrity, availability, confidentiality, and/or privacy of hosted systems and the data they store or process. Service organizations are held to a standardized set of controls criteria for each of the principles covered in their report. Type I tests controls at a point in time and Type II test them over a period of time
Find out more here
arrowSOC1
SOC 2
(Since 2020)
SOC 2 is designed to certify the security, processing integrity, availability, confidentiality, and/or privacy of hosted systems and the data they store or process. Service organizations are held to a standardized set of controls criteria for each of the principles covered in their report. Type I tests controls at a point in time and Type II test them over a period of time.
Find our more here:
arrowPCI
PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) is a requirements framework which aims to ensure secure payment card transactions by reducing fraud and data breaches across the entire payment ecosystem. It is applicable to any organization that accepts or processes payment cards and is recognized as the global standard for securing cardholder data.
Find out more here
arrowGDPR
GDPR
The General Data Protection Regulation (GDPR) is an EU regulation on data protection and privacy. It also addresses the transfer of personal data outside the EU. The GDPR's primary aim is to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
Find out more here
arrowccpa
CCPA
The California Consumer Privacy Act(CCPA) is a state statute intended to enhance privacy rights and consumer protection for residents of California, United States. It regulates how businesses allover the world are allowed to handle the personal information of California residents. It allows any California consumer to demand to see all the information a company has saved on them, as well as a full list of all the third parties that data is shared with.
Find out more here
arrow
Products
SummaryCardzExpenzBillzGet a Demo
Banks
SummaryCard ProgramExpense ManagementAP AutomationGet a Demo
Payments API
SummaryAPI ReferenceContinuous CompensationSubscription ServicesFleet
Company
About ZactNews / BlogCareersCertificationsFAQsContact usHelp Center
©2025 Zact. All Rights Reserved.
Your Privacy Choices
Privacy Policy