Compliance

Gigya maintains compliance with trusted organizations and social networks to ensure responsible data management.

Regional Privacy Regulations

Gigya offers multiple data centers (US, EU, Russia, and Australia), helping our multi-national client base to meet in region storage requirements. As a global company, Gigya is committed to safeguarding the privacy of its customers’ PII (Personally Identifiable Information) according to local and international privacy laws. Gigya tracks relevant privacy regulations and any changes to those regulations, evaluating and addressing any impact they may have on the Gigya platform or Gigya’s clients.

PCI DSS

Gigya does not collect, store, manage or transfer any credit card data on behalf of our customers, and is therefore not subject to the Payment Card Industry Data Security Standard.

COPPA

Though responsibility for complying with the Children’s Online Privacy Protection Act (COPPA) falls to Gigya’s customers, Gigya helps facilitate COPPA compliance by enabling age-gating for site access and preventing the storage of PII for users under 13 via our Registration-as-a-Service product. In addition, Gigya customers do not need to be concerned about COPPA compliance as a result of loading Gigya’s JavaScript library, as Gigya never amasses user profiles across websites and only cookies users to the extent necessary for internal reporting and service support.

Social Network Policies

Gigya offers several tools to help our customers maintain social network policy compliance. These include:

Automatic Account Deletion: If a user revokes data access permission from a site’s Facebook app, then all of his non-public profile information will be deleted from the site’s database.

Automatic Account Updates: If a user logs into a site using Facebook and later updates his Facebook profile, his profile information will also be updated in the site’s database to ensure the data is always fresh and up-to-date.