
Are you PCI-DSS / SOC 2 / GDPR / CCPA / HIPAA / ISO 27001 compliant?

Auware does not process payments or store personally identifiable information (PII), so PCI-DSS, HIPAA, SOC 2, and ISO 27001 do not apply. GDPR/CCPA obligations are minimal since customer data stays in Shopify or Buyist.

Written by Gregory Silvano
Updated over 4 weeks ago

Auware was designed to be secure and simple by minimizing the types of data we handle. Because of this, many of the most common compliance frameworks do not apply directly to us.

PCI-DSS compliance is not relevant for Auware since we never process credit card payments. All checkout activity happens entirely within Shopify or Buyist, both of which are PCI-DSS certified. Auware simply passes visitors into the existing checkout system of your store.

SOC 2 and ISO 27001 are certifications for companies that host sensitive customer data or operate complex SaaS infrastructures. Auware does not store customer records, personally identifiable information, or payment details. The data we do handle is limited to campaign assets, audiences, and performance metrics, which greatly reduces compliance exposure. For that reason, Auware is not SOC 2 or ISO 27001 certified.

HIPAA compliance is also not relevant. Auware is not a healthcare application and does not store or process any protected health information.

GDPR and CCPA are different because they apply broadly to consumer data privacy. Here, Auware’s design again simplifies compliance. Since we do not import or store personal customer data, most of the obligations of these frameworks do not apply directly. The only personal data we maintain is for your Auware account itself (such as your login and team member information). That data is managed in line with standard privacy practices and can be deleted at any time upon request.

To summarize, Auware does not need PCI-DSS or HIPAA compliance because we never process payments or health data. We are not SOC 2 or ISO 27001 certified, since we avoid storing sensitive data in the first place. GDPR and CCPA obligations are minimal for us because customer data never leaves Shopify or Buyist. By focusing only on what we need - audiences, marketing copy, and campaign performance - Auware keeps security simple while letting the platforms designed for sensitive data handle the rest.
