---
title: Compliance and Certifications | Tabstack
description: Tabstack's compliance posture and certification status.
---

This page documents Tabstack’s compliance posture.

---

## Certifications

Tabstack does not currently hold any third-party security certifications. SOC 2 (Type I or Type II) and ISO 27001 are **not currently held**. This is consistent with the comparison pages, which state Tabstack has no formal SOC 2 certification.

## Data processing and privacy

GDPR and CCPA data-subject rights are documented in the [privacy policy](#privacy-policy), and a Data Protection Officer is reachable at <dpo@mozilla.com>. The sub-processors named in the privacy policy are Google Cloud Platform and OpenAI.

## Privacy policy

The canonical privacy policy is at <https://tabstack.ai/legal/privacy>. It documents retention windows for IP logs (60 days), referral data (30 days), and opt-in browsing history (90 days).