Proving to auditors that you comply with industry requirements can be a headache. We make it easy. Learn how Deft supports your compliance requirements for GDPR, PCI DSS, HIPAA, and more.

SOC 2 Report

Deft’s annual SOC 2 audit serves as the foundation for helping customers satisfy vendor management needs and meet their own compliance requirements, including HIPAA.

The report contains an Auditor’s Opinion on the suitability of the design of Deft’s controls evaluated over a 12-month period to determine if they are functioning as described.

To request a copy of Deft’s audit report, email


Deft complies with GDPR through the information-collection disclosures in our Privacy Policy.

We utilize servers located in the United States as well as the European Economic Area (EEA) and Asia to collect, store, and process the data we collect, all of which are based within areas where the EU has determined adequate data protection laws are in place to protect your data.

We reserve the right to keep network logging data for a period of time adequate to ensure network security and safety for the systems we use and host customer data on in any country. Pursuant to regulatory, legal, and security requirements in Chapter 2 of the General Data Protection Regulation, this timeline is determined based on the type of data, the security implications of storing the data, the legal requirements Deft must meet with the data, and the privacy of the individual referenced in the data.

We take the security of our data very seriously and have a responsibility to the individuals we hold data on behalf of on our systems and servers. Please refer to our Privacy Policy for more specifics on the security measures we put in place to protect your data on our systems or the following headings below to review what kind of data we keep and the process to request, review, change, or remove data we hold.


Services that are in scope for PCI DSS compliance include colocation, custom private clouds, and custom public clouds.


Deft’s annual AT-101 SOC 2 Type II audit serves as the foundation for helping our healthcare customers meet their HIPAA compliance requirements.

We also regularly enter into Business Associate Agreements (BAAs) to support our healthcare customers.

You can use our handy checklist to help prepare your organization for HIPAA compliance.

Still need help? Send us a note!

Questions, comments or complaints regarding Deft’s compliance can be mailed or emailed to:

Deft Legal Department
111 W. Jackson Blvd. Ste. 1600
Chicago, IL 60604 USA


111 W. Jackson Blvd #1600
Chicago, IL 60604
+1 312-829-1111

© 2021 ServerCentral, LLC dba