Compliance

Last updated: January 2025

Overview

ProgNetwork is committed to maintaining the highest standards of compliance with applicable laws, regulations, and industry best practices. This page outlines our compliance framework and commitments.

Data Protection Compliance

GDPR Compliance

We comply with the General Data Protection Regulation (GDPR):

  • Data Processing: We process personal data lawfully, fairly, and transparently
  • Data Subject Rights: We respect and facilitate data subject rights
  • Data Breach Notification: We have procedures for timely breach notification
  • Data Protection Impact Assessments: We conduct DPIAs where required

CCPA Compliance

We comply with the California Consumer Privacy Act (CCPA):

  • Consumer Rights: We honor consumer rights to access, delete, and opt out
  • Privacy Notices: We provide clear privacy notices
  • Data Sales: We do not sell personal information
  • Verification: We verify consumer requests appropriately

Security Compliance

SOC 2 Type II

We maintain SOC 2 Type II compliance:

  • Security Controls: Comprehensive security measures
  • Availability: High availability and reliability
  • Processing Integrity: Accurate and complete processing
  • Confidentiality: Protection of sensitive information
  • Privacy: Protection of personal information

ISO 27001

We follow ISO 27001 information security standards:

  • Information Security Management System
  • Risk Assessment and Treatment
  • Security Controls Implementation
  • Continuous Monitoring and Improvement

Financial Compliance

PCI DSS

For payment processing, we maintain PCI DSS compliance:

  • Secure Network: Protected network infrastructure
  • Cardholder Data Protection: Secure data storage and transmission
  • Vulnerability Management: Regular security updates
  • Access Control: Restricted access to cardholder data
  • Monitoring and Testing: Continuous security monitoring
  • Security Policy: Comprehensive security policies

SOX Compliance

We maintain Sarbanes-Oxley Act compliance:

  • Financial Reporting: Accurate financial reporting
  • Internal Controls: Strong internal control environment
  • Audit Trails: Comprehensive audit trails
  • Documentation: Proper documentation and record-keeping

Industry-Specific Compliance

Nonprofit Compliance

For nonprofit organizations using our platform:

  • IRS Compliance: Support for IRS reporting requirements
  • Donor Privacy: Protection of donor information
  • Fundraising Regulations: Compliance with fundraising laws
  • Transparency Requirements: Support for transparency reporting

Political Campaign Compliance

For political campaigns and organizations:

  • FEC Compliance: Federal Election Commission requirements
  • Campaign Finance: Proper campaign finance reporting
  • Voter Data Protection: Secure handling of voter information
  • Disclosure Requirements: Support for disclosure obligations

Political Donations Compliance

Gift Caps

We enforce a $20,000 per donor per recipient per year cap, and a $640,000 aggregate cap, in line with the Electoral Legislation Amendment (Electoral Reform) Act 2025.

Disclosure Requirements

All donations above $5,000 (indexed) are disclosed to the AEC in real time, within 7 days, or within 24 hours during election periods.

Foreign Donor Restrictions

We automatically block gifts over $1,000 from foreign donors to ensure compliance with Australian electoral laws.

Federal Account Usage

All donations are routed through mandatory federal accounts for eligible campaigns, ensuring proper regulatory oversight.

State-Level Compliance

We support state-level compliance requirements, including lower thresholds and donor bans where applicable in different jurisdictions.

Automatic Compliance

Donations breaching caps or legal requirements are automatically refunded or reversed to maintain regulatory compliance.

Transparency Features

  • Donors receive real-time receipts and disclosure notes
  • Campaigns can generate AEC-compliant reports at any time
  • Full audit trail maintained for all transactions

International Compliance

Cross-Border Data Transfers

We ensure compliance with international data transfer requirements:

  • Adequacy Decisions: We rely on adequacy decisions where available
  • Standard Contractual Clauses: We use SCCs for data transfers
  • Binding Corporate Rules: We implement BCRs where applicable
  • Local Law Compliance: We comply with local data protection laws

Regional Requirements

We comply with regional requirements:

  • EU Data Protection: Full GDPR compliance
  • UK Data Protection: UK GDPR compliance
  • Canadian Privacy: PIPEDA compliance
  • Australian Privacy: Australian Privacy Principles

Certifications and Audits

Third-Party Audits

We undergo regular third-party audits:

  • Annual Security Audits: Comprehensive security assessments
  • Penetration Testing: Regular penetration testing
  • Vulnerability Assessments: Ongoing vulnerability scanning
  • Compliance Reviews: Regular compliance assessments

Certifications

We maintain relevant certifications:

  • Security Certifications: Industry-recognized security certifications
  • Privacy Certifications: Privacy-focused certifications
  • Quality Management: ISO 9001 quality management
  • Environmental Management: ISO 14001 environmental management

Compliance Monitoring

Continuous Monitoring

We maintain continuous compliance monitoring:

  • Automated Monitoring: Real-time compliance monitoring
  • Regular Assessments: Periodic compliance assessments
  • Incident Response: Rapid response to compliance incidents
  • Documentation: Comprehensive compliance documentation

Training and Awareness

We ensure compliance awareness:

  • Employee Training: Regular compliance training
  • Policy Updates: Timely policy updates and communication
  • Best Practices: Industry best practice implementation
  • Continuous Improvement: Ongoing compliance improvement

Reporting and Transparency

Compliance Reports

We provide compliance reporting:

  • Annual Reports: Comprehensive annual compliance reports
  • Incident Reports: Timely incident reporting
  • Audit Reports: Third-party audit reports
  • Transparency Reports: Regular transparency reporting

Stakeholder Communication

We maintain open communication:

  • Customer Updates: Regular customer compliance updates
  • Regulatory Communication: Open communication with regulators
  • Industry Participation: Active participation in industry groups
  • Public Disclosure: Transparent public disclosure

Contact Information

For compliance-related questions, contact us at:

  • Email: contact@prog.network

Updates

This compliance information is updated regularly to reflect current requirements and our compliance status. Significant changes are communicated to stakeholders and posted on our website.