Trust Center

Last updated: May 3, 2026

Single-page summary of every regulatory framework, security control, and compliance status that applies to Intelloro.

Privacy

Multi-jurisdiction policy stack: GDPR + UK GDPR + CCPA + 6 US state laws + PIPEDA + Quebec Law 25 + LGPD + PDPO. Children-specific frameworks (UK Children's Code, CA AADC, GDPR Art. 8, Brazil ECA Digital) in progress — will activate when age-detection is deployed.

Platform Regulation

EU Digital Services Act (Art. 15-21 documented; Art. 30 vendor verification in progress), EU AI Act (limited-risk classification + Art. 4 + 50 disclosure), DMCA, CAN-SPAM — documented and live.

Security

TLS encryption in transit (Vercel) + encryption at rest (MongoDB Atlas) + restricted admin access. SOC 2 + ISO 27001 in progress.

Compliance Matrix

Framework	Region	Status	Implementation
GDPR (Regulation 2016/679)	EU/EEA	Compliant	Lawful basis mapped, DSAR API, breach 72hr, SCCs+TIA
UK GDPR + DPA 2018	United Kingdom	Compliant	Same as GDPR, ICO complaints supported
CCPA / CPRA	California, USA	Compliant	Do Not Sell page, CPPA-compliant rights flow
California Delete Act (SB 362)	California, USA	Not Applicable	Not registered as Data Broker (no third-party data sourcing)
Texas TDPSA	Texas, USA	Compliant	Targeted ad + profiling opt-out, 45-day SLA
Virginia VCDPA	Virginia, USA	Compliant	Same as Texas TDPSA framework
Colorado ColoPA	Colorado, USA	Compliant	GPC signal honored, profiling opt-out
Connecticut CTDPA	Connecticut, USA	Compliant	Same framework as ColoPA
Utah UCPA	Utah, USA	Compliant	Targeted advertising opt-out
Oregon OCPA	Oregon, USA	Compliant	Same framework as ColoPA
Quebec Law 25	Canada (Quebec)	Partial	Privacy Officer named + automated-decision rights documented; PIA framework will be conducted when triggering processing arises
Federal PIPEDA	Canada	Compliant	OPC complaints supported
LGPD (Law 13.709/2018)	Brazil	Compliant	DPO contact, ANPD complaint path
ECA Digital (Law 15.211/2025)	Brazil (minors)	In Progress	Will apply Privacy-by-Design defaults where minor identified; age-detection not yet deployed
Bangladesh PDPO 2025	Bangladesh	Compliant	DPO appointed, lawful basis, cross-border safeguards
COPPA (15 USC §§ 6501-6506)	USA (children)	Compliant	No knowing collection from under-13
GDPR Art. 8 (children)	EU/EEA	In Progress	Will require parental consent where minor identified; age-detection not yet deployed
UK Children's Code	United Kingdom	In Progress	Will apply ICO Children's Code where minor identified; age-detection not yet deployed
California AADC	California, USA	In Progress	Will apply privacy-by-default where minor identified; age-detection not yet deployed
EU Digital Services Act (DSA)	EU/EEA	Partial	Art. 16 notice form, Art. 17/20/21 process documented, Art. 15 transparency report scheduled. Art. 30 trader-verification flow being implemented
EU AI Act (Reg. 2024/1689)	EU/EEA	Partial	Limited-risk self-classification, Art. 50 disclosure on /ai-disclosure, Art. 4 AI literacy via public methodology. AI-generated content labelling on detail pages being implemented
DMCA	USA	Compliant	Designated agent, takedown + counter-notice
CAN-SPAM Act	USA	Compliant	Single-click unsubscribe in every email
ePrivacy Directive (cookies)	EU/EEA	Compliant	Granular consent banner, GPC honored
WCAG 2.1 Level AA	Global	In Progress	Self-evaluation, see Accessibility Statement
Section 508 (Rehab Act)	USA Federal	In Progress	Aligned with WCAG 2.1 AA approach
European Accessibility Act	EU/EEA	In Progress	Preparing for June 2025 enforcement deadline
TLS encryption (in transit)	Global	Compliant	Provided by Vercel edge
Encryption at rest	Global	Compliant	Provided by MongoDB Atlas
SOC 2 Type II	USA / Global	In Progress	Internal controls aligned with framework; external CPA audit not yet engaged
ISO 27001	Global	In Progress	Internal controls aligned with framework; certification not yet pursued
GDPR Art. 27 EU Representative	EU/EEA	In Progress	Appointment under evaluation; direct contact via info@intelloro.com pending
UK GDPR Art. 27 UK Representative	UK	In Progress	Appointment under evaluation

Status Legend

Compliant — Framework is fully implemented and documented; user-facing rights are active.
In Progress — Implementation is underway; baseline obligations are met but full conformance is being completed.
Self-Declared — Internal controls aligned with the framework; no external audit completed yet.
Partial — Some elements implemented; gaps identified and prioritized for remediation.
Not Applicable — Framework does not apply to Intelloro's current operations.

Quick Links

Full multi-jurisdiction policy with lawful basis mapping

Cookie Policy

Cookie types, opt-out controls, GPC signal support

User obligations, AI disclosure, EU/UK consumer protections

Community Guidelines

UGC policy, moderation process, DSA Art. 17/20/21

Transparency Report

Annual DSA Art. 15 moderation metrics

AI Disclosure

EU AI Act Art. 4 + 50, ranking methodology

Accessibility Statement

WCAG 2.1 Level AA conformance status

Vendor Terms

Trader verification (DSA Art. 30), listing accuracy

DMCA Policy

Do Not Sell My Personal Information

CCPA / CPRA opt-out controls

Content Reporting

DSA Art. 16 notice form

Refund Policy

Paddle Merchant of Record

Need More Detail?

Enterprise customers, security teams, and regulators may request the underlying documents (Transfer Impact Assessment, Privacy Impact Assessments, DPA templates, security questionnaire responses) by emailing info@intelloro.com with the subject “Trust Center Request”.

Response SLA: 5 business days for security questionnaires; 30 days for DSAR / data export.