Compliance the procurement team actually signs.
GDPR, CCPA, DAC7, and PCI-DSS via Stripe handled out of the box. SOC 2 Type II in progress with a readiness letter available under NDA today. Powered by Conduit™.
// frameworks
Where we stand on each regulation.
GDPR
EU SCCs in our DPA, 30-day subprocessor notice, data export and erasure workflows for every merchant and affiliate.
CCPA / CPRA
California consumer rights honored. Sale/share opt-out respected; we don't sell personal information.
DAC7
EU platform reporting obligations handled via Stripe Connect Express tax-form collection (W-8BEN, residency, TIN).
PCI-DSS
Card data never touches our infrastructure. Stripe Elements & SetupIntent handle PAN; we store only tokens and last-fours.
SOC 2 Type II
Readiness audit complete; observation window in progress. Readiness letter available under NDA today.
ePrivacy / cookies
First-party attribution by default. Affiliate dashboards expose consent state per click for downstream compliance.
// data subject rights
Rights we honor for every merchant and affiliate.
Access
Export every record we hold about a merchant or affiliate as CSV + JSON. Fulfilled within 30 days.
Erasure
Closure of an account triggers deletion of personal data after a 30-day grace period, retaining only what tax law requires.
Rectification
Self-serve edit for profile, payout, and tax-form fields. Audit-logged for both parties.
Portability
Machine-readable export of conversions, clicks, commissions, and payouts for migration to another platform.
// residency
Where your data lives.
Default storage is US East. EU residency in eu-west-1 is available on request for merchants that need it. Stripe handles payment data per its own residency policies.
See security architecture

| US (default) | us-east-1 · Postgres + storage |
| EU (on request) | eu-west-1 · Postgres + storage |
| Edge | Cloudflare global · cached, not stored |
| Payments | Stripe · per Stripe residency policy |
// tax
Tax forms, the easy way.
Stripe Connect Express collects the right forms for every affiliate based on their country, then files the right reports on your behalf.
W-9
US individuals & US entities
W-8BEN
Non-US individuals
W-8BEN-E
Non-US entities
1099-NEC
US filings ≥ $600 / year
1099-K
Marketplace facilitator filings
DAC7
EU platform operator reports
Need a specific clause, residency, or report?
Procurement, legal, or privacy teams can reach our compliance lead directly. We turn requests around in 2 business days.
privacy@affiliatehubpro.com