Security and compliance

Pixonality is committed to protecting personal and organizational information and meeting recognized security and privacy standards.

SOC 2 Type II compliant

Pixonality has completed a SOC 2 Type II examination under the AICPA Trust Services Criteria for Security and Confidentiality.

This independent third-party examination is based on an independent third-party audit that evaluates the design and operating effectiveness of our controls over a defined period of time.

The SOC 2 Type II report provides assurance that our technical and organizational measures are consistently implemented to protect data against unauthorized access, disclosure, and compromise.
Annual audits ensure that these controls remain effective and reflect our ongoing commitment to secure and confidential data handling.

For more information or documentation on security and compliance, contact the Office of Information Security.

Law 25 and PIPEDA compliant

Pixonality complies with Quebec’s Act respecting the protection of personal information in the private sector (Law 25, RLRQ c. P-39.1) and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA, S.C. 2000, c. 5).

We treat both laws as comprehensive privacy governance frameworks.

Our privacy program is built around core obligations and principles such as accountability, lawful and limited collection, purpose specification, data minimization, retention management, and transparency.

We apply privacy-by-design principles across our systems and processes, enabling individuals to exercise their rights of access, correction, withdrawal of consent, and informed decision-making regarding their personal information.

GDPR compliant

Pixonality processes personal data in accordance with the General Data Protection Regulation (GDPR), which establishes a comprehensive legal framework governing the lawfulness, fairness, and transparency of personal data processing.

We apply GDPR privacy principles—including purpose limitation, data minimization, and storage limitation—through a privacy-by-design approach embedded in our operational and governance processes.

This framework enables data subjects to effectively exercise their rights, including access, rectification, erasure, restriction of processing, and data portability, while ensuring that personal data is handled in a secure and controlled manner.