Security & Trust Center

ISO 27001 certified. EU-hosted. Audit-ready.

Everything your security, legal and procurement teams need to approve Springcast, certifications, EU data residency, DPA and sub-processor transparency, in one place.

ISO/IEC 27001:2022, certified by Brand Compliance, RvA accreditation C 548

Trusted by 200+ organizations · EU-hosted in the Netherlands · ISO 27001 certified · Full DPA available

EuropolEuropean ParliamentKPMGJust Eat TakeawayAXAAllianzDAFTU Eindhoven
Certifications & documents

Certifications and documents in one place

ISO/IEC 27001:2022

Independently certified by Brand Compliance under RvA accreditation (C 548). Our information security management system is audited every year.

Request certificate details →

EU data hosting (Netherlands)

All podcast data is stored and processed in the Netherlands. No transfer to the US for core platform functionality.

See data residency →

GDPR Article 28 DPA

A full Data Processing Agreement is included, not bolted on. Signed before you publish a single episode.

Download the DPA →

Sub-processor transparency

A public, up-to-date register of every sub-processor that touches your data.

Download the register →

EcoVadis Gold

Awarded the EcoVadis Gold medal for sustainable, responsible business practices.

About our rating →

Terms (NLdigital)

Standard terms based on the NLdigital framework, widely accepted by Dutch and EU procurement teams.

Download the terms →

Security

Security by design, not by afterthought.

Compliance certifications confirm a security framework exists. Here is the framework, the controls behind the badge.

  • ISO 27001:2022 certified information security management system
  • AES-256 encryption at rest
  • TLS 1.2+ encryption in transit
  • Independent third-party penetration testing
  • Incident response tested annually · breach notification < 72h
  • Single sign-on (SSO) and role-based access controls
  • EU-only data residency
  • SOC 2 controls
30,000+

episodes published every year on Springcast.

200+

organizations trust Springcast with compliance-sensitive podcast data.

100%

EU data residency, stored and processed in the Netherlands.

Frequently asked

Questions your security team will ask

Yes, ISO/IEC 27001:2022, independently certified by Brand Compliance under RvA accreditation (C 548). The certificate is reviewed every year; you can request a copy from our team.
All data is stored and processed in the Netherlands, within the EU. No podcast data is transferred to the US for core platform functionality.
Yes. A full GDPR Article 28 DPA is included and can be signed before you publish. A standard DPA is available to download.
Yes, we maintain a public, up-to-date sub-processor register, available as a downloadable PDF.
Yes. EU-hosted, GDPR Article 28 data processing, privacy by design and full data-subject support.
Contact our compliance team. We provide the ISO 27001 certificate, audit pack, DPA and sub-processor overview for procurement and security reviews.

Bring Springcast through your next security review.

Get the ISO 27001 certificate, audit pack, DPA and sub-processor overview from our team.