Industry Compliance
Built for Trust—Compliance That Protects Your Business and Your Customers
Brilliance CRM is engineered with data privacy, security, and regulatory compliance in mind. From HIPAA to GDPR, our platform is designed to help you stay audit-ready and confident in front of your customers.
Whether you're in healthcare, finance, or marketing, Brilliance CRM is built to keep your data protected and your operations compliant. We are aligning the platform with HIPAA, GDPR, CCPA/CPRA, ISO 27001, PCI DSS (SAQ D), SOC 2, and Cyber Essentials; each standard is described below together with the current status of our work toward it. With encrypted infrastructure, secure audit trails, and a privacy-first architecture, your business can meet legal requirements without sacrificing usability. Compliance isn't an afterthought; it is designed into every module, every user role, and every interaction.
CCPA / CPRA
The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives California residents rights over their personal information, including the right to know what is collected, to have it deleted or corrected, and to opt out of its sale or sharing. Businesses subject to the law must disclose what personal information they collect and why, and must honor these consumer requests.
As we expand our reach, we are committed to respecting consumer privacy rights. We are working toward CCPA/CPRA compliance so that our customers' data remains under their control and so that we are transparent about how it is handled.
Cyber Essentials
Cyber Essentials is a UK government-backed scheme, overseen by the National Cyber Security Centre (NCSC), that helps organizations protect themselves against common, commodity online threats. Certification requires five baseline technical controls: firewalls, secure configuration, user access control, malware protection, and security update management. Achieving Cyber Essentials certification demonstrates a business's commitment to cybersecurity through the implementation of these basic controls.
As part of our global security strategy, we are working toward Cyber Essentials certification. It will show that our infrastructure meets these baseline controls against common threats, giving our users additional confidence.
GDPR
The General Data Protection Regulation (GDPR) is the European Union's comprehensive data protection law. It applies to organizations established in the EU and the European Economic Area (EEA), and to organizations anywhere in the world that offer goods or services to, or monitor the behavior of, individuals in the EU/EEA. GDPR sets strict requirements for lawful processing, consent, breach notification, and the rights of individuals over their personal data, including access, rectification, erasure, and data portability.
We understand that privacy is a fundamental right, which is why we are committed to GDPR compliance. By adhering to these requirements, we protect the privacy of customer data and allow our users to manage and control their personal information.
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. law whose Privacy Rule and Security Rule set requirements for safeguarding Protected Health Information (PHI). Covered entities (healthcare providers, health plans, and clearinghouses) and their business associates must ensure that their systems meet these requirements. A SaaS vendor that stores or processes PHI on a covered entity's behalf is a business associate: it must sign a Business Associate Agreement (BAA) and implement the Security Rule's administrative, physical, and technical safeguards.
As we serve industries like healthcare, we understand the importance of protecting sensitive health data. We are taking steps to become HIPAA compliant so that our platform meets the stringent requirements for handling PHI securely.
ISO 27001
ISO/IEC 27001 is the international standard for information security management systems (ISMS). It specifies the requirements for establishing, implementing, maintaining, and continually improving an ISMS, including a risk assessment and the selection of controls from its Annex A; certification is granted after an audit by an accredited certification body.
To support our ongoing commitment to security, we are working toward ISO 27001 readiness. Achieving certification will show that we follow an internationally recognized, risk-based approach to managing and securing sensitive information.
PCI DSS (SAQ D)
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements for every organization that stores, processes, or transmits cardholder data. Organizations eligible for self-assessment, rather than an on-site assessment by a Qualified Security Assessor, complete a Self-Assessment Questionnaire (SAQ). SAQ D is the most comprehensive SAQ: it applies to merchants that do not qualify for a narrower questionnaire and, in its Service Provider version, to service providers such as SaaS vendors that directly store, process, or transmit cardholder data on behalf of their customers.
As a CRM provider, we are working toward PCI DSS compliance via SAQ D so that any cardholder data we process remains secure and we adhere to the highest standards in payment security.
SOC 2
SOC 2 is an attestation report, defined by the AICPA, in which an independent auditor evaluates a service organization's controls against the Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. Security is mandatory; the other four are included based on the services offered. A Type I report covers the design of controls at a point in time, while a Type II report also tests their operating effectiveness over a period of time (often 6 to 12 months). SOC 2 is especially important for SaaS providers, as it gives customers independent evidence that controls over their data are in place and working.
We are working toward SOC 2 readiness to demonstrate our commitment to securing our customers' data in every part of our operations. Completing a SOC 2 audit will give our customers independent assurance that our controls meet these criteria.