Corporate, regulatory, and information security disclosures.
The information on this page is provided to support due diligence, vendor onboarding, and KYB / KYC review. For supporting documentation — including certificates of good standing, insurance certificates, and W-9 — contact service@bluepeakdigital.io.
Information security management system aligned to ISO/IEC 27001:2022. SOC 2 Type II audit in progress with completion targeted for Q3 2026. All client data encrypted in transit (TLS 1.2+) and at rest (AES-256).
Compliant with the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA/CPRA). Standard Contractual Clauses are executed with all sub-processors handling personal data outside the EEA.
Zero-tolerance policy compliant with the U.S. Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act 2010. All employees complete annual anti-bribery and corruption (ABC) training.
Customer due diligence procedures applied to all new client engagements. Beneficial ownership verification performed in accordance with FinCEN's Corporate Transparency Act requirements.
All counterparties screened against OFAC SDN, UK HMT Consolidated, and EU consolidated sanctions lists prior to onboarding and on a recurring basis thereafter.
Annual financial review conducted by an independent U.S.-licensed CPA firm. Client media budgets held in segregated, FDIC-insured trust accounts and reconciled monthly.
Professional Indemnity (Errors & Omissions): USD 5,000,000. Cyber Liability: USD 5,000,000. General Liability: USD 2,000,000. Underwritten by AIG. Certificates available on request.
Documented business continuity and disaster recovery plan with quarterly testing. Recovery Time Objective (RTO): 4 hours. Recovery Point Objective (RPO): 1 hour.