When it comes to choosing a data platform, security and compliance aren't just checkbox, they're deal-breakers. That's why VeloDB, a commercial provider of Apache Doris, made security and compliance central to everything we build. We've undergone rigorous audits to meet some of the industry's most stringent security and data privacy standards, including SOC 2 Type II, ISO/IEC 27001:2022, HIPAA, GDPR, US Data Privacy, and PCI DSS – SAQ A.
For our customers, this isn't just a list of acronyms. It's a peace of mind. It means knowing VeloDB is committed to protect your data, reduce risk, and supporting your own compliance goals and obligations. So you can build faster, scale confidently, and stay focused on what matters most, whether you're in finance, healthcare, SaaS, e-commerce, or others.
VeloDB Compliance Portfolio
All compliances below are available in VeloDB Cloud, the fully managed, cloud-native, real-time data warehouse service from VeloDB.
SOC 2 Type II
SOC 2 (System and Organization Controls 2) is a rigorous third-party audit that evaluates how well a company protects customer data, especially in cloud-based and SaaS environments. Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 is based on five trust principles: security, availability, processing integrity, confidentiality, and privacy. A Type II report is more in-depth than Type I—it doesn't just verify that the proper controls are in place, but also assesses how effectively they've been followed over time (usually 3–12 months). VeloDB's Type II report shows that our security and data protection practices are well-designed and reliably executed over time. We work with independent auditors annually to keep the report up to date. This assures our customers that their data is protected by controls that are thoroughly and continuously tested and audited.
ISO/IEC 27001:2022
ISO 27001:2022 is the international gold standard for managing information security. Published by the International Organization for Standardization (ISO), this standard defines how to establish, implement, maintain, and continuously improve an Information Security Management System (ISMS). It covers everything from risk assessment to access control, incident response, and employee training. The 2022 revision introduces new emphasis on managing cloud services and supply chain security.
ISO 27001:2022 certification demonstrates that VeloDB follows a systematic, risk-based approach to protecting sensitive information. VeloDB also works with independent auditors to undergo annual surveillance audits, keeping the certification valid.
HIPAA
HIPAA (Health Insurance Portability and Accountability Act) is a US federal law protecting sensitive patient health information nationwide. While it primarily applies to healthcare providers and insurers, it also affects technology companies that handle healthcare data—like VeloDB if its services are used in medical contexts.
HIPAA compliance proves VeloDB follows strict privacy rules for handling patient health information (PHI), uses strong security measures to protect it, and regularly audits its systems to ensure confidentiality, integrity, and availability.
Protected Health Information (PHI) is any information about a person's health, medical treatment, or payment for healthcare that can identify that individual. This includes details like medical records, test results, health insurance info, and conversations with doctors. PHI can be in any form: written, electronic, or spoken.
GDPR
GDPR (General Data Protection Regulation) is the foundational data privacy law in the EU and European Economic Area. It sets strict guidelines on how companies must collect, process, store, and share personal data of EU residents, giving individuals more control over their personal information and enhance data security and privacy.
Key GDPR requirements include obtaining explicit user consent for processing personal data when required, enabling individuals to access and delete their personal data, ensuring data is processed lawfully, and reporting breaches within 72 hours.
VeloDB's GDPR compliance proves that the company follows the strict data privacy law in the EU, follows best practices protect EU personal data, and is ready to support customers who need to meet EU regulatory requirements.
US Data Privacy
VeloDB has completed a US Data Privacy Gap Assessment. Having passed all assessed controls, VeloDB showed a strong and compliant US data privacy program that protects customer data, respects privacy rights, and aligns with emerging state privacy laws such as California's CPRA (California Consumer Privacy Act), Virginia's VCDPA (Virginia Consumer Data Protection Act), and others.
PCI DSS - SAQ A
PCI DSS (Payment Card Industry Data Security Standard) protects cardholder data throughout payment processing. SAQ A (Self-Assessment Questionnaire A) is a streamlined version of the assessment for companies with limited handling of payment data.
VeloDB's PCI DSS compliance gives e-commerce platforms, fintech companies, and any organization processing payments the assurance that transactions are handled securely and meet strict industry standards.
How Compliance at VeloDB Benefits Your Business
VeloDB's compliance certifications deliver immediate business value to customers seeking a fast, real-time analytical data warehouse service in the cloud:
- Faster Procurement and Sales Cycles With all major compliance certifications already in place, VeloDB eliminates a key bottleneck in enterprise procurement — security reviews. There's no waiting for additional audits, no back-and-forth over missing certifications. VeloDB is enterprise-ready from day one, allowing you to onboard faster, launch projects sooner, and start seeing value immediately.
- Reduced Compliance Overhead Instead of managing multiple vendors with varying compliance levels, customers get comprehensive protection through a single, trusted partner in VeloDB. This significantly reduces the administrative burden on internal compliance teams, and free your team to focus on strategic initiatives instead of complex audits.
- Trust & Credibility Compliance reflects a company's culture and priorities. VeloDB's commitment to achieving and maintaining globally recognized security and privacy standards demonstrates to customers, partners, and regulators that we take security and privacy seriously. It's a clear signal that you're working with a provider built for reliability, accountability, and long-term trust.
Learn More and Get Started
Security and performance go hand in hand at VeloDB. Visit our Trust Center to explore the full compliance framework behind VeloDB Cloud — so you can make informed decisions and build with confidence.
If you want to learn more about VeloDB (real-time data warehouse built on Apache Doris), contact the VeloDB team to discuss with technical experts and connect with other users, or join the Apache Doris community.
