TRUST & COMPLIANCE

Enterprise-grade security and compliance. Your community data is safe with CEEJAY.

Last updated March 2026

GDPR Compliant

Registered with the ICO. Full compliance with UK GDPR and Data Protection Act 2018.

SOC 2 Aligned

We align with SOC 2 Trust Service Criteria. Infrastructure providers hold SOC 2 Type II certifications.

Data Encrypted

TLS 1.3 in transit, AES-256-GCM for stored tokens, database encryption at rest.

Discord Developer ToS

Fully compliant with Discord Developer Terms of Service and API usage policies.

SECURITY PRACTICES

Infrastructure

  • SOC 2 Type II certified managed hosting
  • SOC 2 Type II certified authentication provider
  • Enterprise-grade database with connection pooling
  • Automated scaling and monitoring

Encryption

  • TLS 1.3 for all data in transit
  • AES-256-GCM for stored authentication tokens
  • Database encryption at rest
  • Secure key management with enforced key validation

Access Controls

  • Discord OAuth authentication
  • Server-scoped authorisation on all API routes
  • Role-based access control for team management
  • Production logging sanitised (no sensitive data)

Security Headers

  • Comprehensive security headers including CSP, HSTS, and additional protective headers

SOC 2 ALIGNMENT

While we have not undergone formal SOC 2 certification, our infrastructure providers maintain SOC 2 certifications and our practices are designed to align with the SOC 2 Trust Service Criteria.

Criteria | How We Align
Security | CSP headers, SQL injection prevention, encrypted tokens, input validation, auth middleware on all API routes.
Availability | SOC 2 Type II certified managed hosting with auto-scaling, enterprise-grade database with connection pooling, monitoring and alerting.
Processing Integrity | Input validation on all API endpoints, whitelist-based filtering, data type enforcement.
Confidentiality | Production logging sanitised, encryption key enforcement, DPAs signed with all vendors.
Privacy | EU-hosted product analytics, masked analytics, consent-based website analytics with IP anonymisation, UK GDPR compliance, ICO registered, privacy-by-default settings.

SUB-PROCESSORS

We maintain Data Processing Agreements (DPAs) with all sub-processors. All sub-processors hold appropriate security certifications (SOC 2 Type II, Data Privacy Framework, or equivalent) and are subject to ongoing compliance review. See our Privacy Policy for the categories of processing involved.

A detailed sub-processor list is available to customers and upon request. For the full list, please refer to our Data Processing Agreement or contact privacy@communitystudios.xyz.

LEGAL DOCUMENTS

For privacy enquiries, contact privacy@communitystudios.xyz
