Complio is built on a foundation of security, privacy, and transparency. Find our certifications, policies, and legal documentation here.
Complio holds and maintains certifications across the same standards we help our customers achieve. Trust is not just a feature; it's our foundation.
Complio Core's Information Security Management System is certified to ISO 27001:2022. Our ISMS is independently audited annually by an accredited certification body.
Complio is fully compliant with the EU General Data Protection Regulation. We serve as a Data Processor for customers and maintain a comprehensive ROPA and DPA framework.
Compliant with South Africa's Protection of Personal Information Act. Our Information Officer registration and POPIA compliance programme are maintained and current.
As a cloud service provider processing personal data, Complio aligns with ISO 27018 controls for PII protection in public cloud environments.
Our SOC 2 Type II report covering Security, Availability, and Confidentiality trust service criteria is available to enterprise customers under NDA.
Complio undergoes annual external penetration testing by CREST-accredited security firms. All critical and high findings are remediated prior to publication.
Last updated: 1 March 2025
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). We use ISO 27001-certified infrastructure hosted in certified data centres. Access to customer data is strictly role-based and logged. We conduct regular security assessments and maintain a formal incident response programme.
We do not sell your personal data. We engage a limited number of sub-processors (listed in our DPA) to deliver the service. Where data is transferred outside the EU/EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. A full sub-processor list is available on request.
To exercise your rights, email privacy@compliocore.com
We use strictly necessary cookies to operate the platform and optional analytics cookies to improve the product. You can manage cookie preferences via the banner on your first visit or in your account settings. We do not use third-party advertising cookies.
Last updated: 1 March 2025
By accessing or using Complio Core's platform ("Service"), you agree to be bound by these Terms of Service and our Privacy Policy. If you are using the Service on behalf of an organisation, you represent that you have authority to bind that organisation.
You may use the Service only for lawful purposes and in accordance with these Terms. You agree not to use the Service to violate any applicable law, infringe intellectual property rights, transmit harmful or malicious content, or attempt to gain unauthorised access to any system or network.
Pro plan subscriptions are billed monthly or annually in advance. Subscriptions automatically renew unless cancelled before the renewal date. Refunds are available within 14 days of initial payment for annual plans. We reserve the right to change pricing with 30 days' notice.
The Service and its content, features, and functionality are owned by Complio Core (Pty) Ltd and are protected by intellectual property laws. You retain ownership of all compliance data you input into the platform. You grant us a limited licence to process your data solely to provide the Service.
To the maximum extent permitted by law, Complio Core shall not be liable for any indirect, incidental, special, consequential, or punitive damages. Our total liability to you shall not exceed the fees paid by you in the twelve months preceding the claim. The Service is provided to support your compliance activities; it does not constitute legal or regulatory advice.
These Terms are governed by the laws of the Republic of South Africa. Any dispute arising under these Terms shall be subject to the exclusive jurisdiction of the courts of South Africa, without regard to conflict of law principles.
Last updated: 1 March 2025
The information, tools, and templates provided by Complio are intended to support and streamline your compliance management activities. They do not constitute legal, regulatory, or professional advice. Complio makes no representation or warranty, express or implied, that use of the platform will guarantee certification under any standard, satisfy any regulatory requirement, or protect against legal liability.
You are solely responsible for ensuring that your organisation meets applicable legal and regulatory obligations. We strongly recommend that you engage qualified legal counsel, certified auditors, and compliance professionals as part of your compliance programme.
While we strive to keep the information on this website and within the platform accurate and up to date, we make no warranties of completeness, accuracy, or fitness for a particular purpose. Standards, regulations, and best practices evolve; always verify requirements directly with the relevant issuing body or regulatory authority.
Our website and platform may contain links to third-party websites. These links are provided for convenience only. Complio Core has no control over, and accepts no responsibility for, the content or privacy practices of any third-party site. Inclusion of a link does not constitute endorsement.
Complio Core acts as a Data Processor on behalf of its customers (Data Controllers) when processing personal data within the platform. We maintain a comprehensive Data Processing Agreement (DPA) that satisfies GDPR Article 28 requirements.
Our DPA covers:
Our security team is happy to answer any questions about our certifications, policies, or data handling practices.