Compliance
nextdooh runs media on screens. We don't process medical records, store EU customer purchases, or hold Aadhaar numbers. Most of compliance for a signage platform is about what we don't do. Here's what that looks like for HIPAA, GDPR, and India's DPDP Act.
Why nextdooh's standard signage doesn't need a Business Associate Agreement, what triggers a custom engagement, and how we structure deployments that do touch PHI.
Roles, lawful bases, SCC-based transfers, sub-processor list, data-subject rights, and breach notification. EU residency available on request.
How we map to India's Digital Personal Data Protection Act — Data Fiduciary obligations, notice, retention, principal rights, and breach reporting.
Each posture above ships with a signed PDF you can forward to your procurement or security team. After signing in, open Settings → Compliance & security documents to download. Custom-scope engagements (BAA, EU residency, dedicated VNet, on-demand data purge) are scoped via [email protected].
Responsible disclosure: [email protected] — we respond within 5 business days.