Compliance

We comply with industry standards and privacy laws

We hold ourselves accountable to independent third-party auditing and testing. Copies or summaries of our most recent reports are available on request as part of our due diligence pack.

GDPR

OnceHub is committed to compliance with the General Data Protection Regulation (GDPR). We stand by the GDPR’s key principles, including data protection by design, data protection by default, fairness, transparency, and breach notification. We provide our users with the tools necessary to ensure they can use all OnceHub products in a GDPR-compliant manner.

Learn more about using OnceHub in a GDPR-compliant manner (ebook)

PCI

PCI Level 1

OnceHub is a PCI DSS level 1 service provider. Our payment platform has achieved certified compliance against all PCI DSS version 3.2 requirements and is validated annually by an independent PCI Qualified Security Assessor. We protect your payment data before, during, and after purchase.

View our PCI Certificate of Compliance

SOC 2

OnceHub is audited for SOC 2 Type 2 compliance by Ernst & Young. The SOC 2 report outlines how our controls and processes uphold the trust service principles of security, confidentiality, privacy, availability, and processing integrity. The audit for this report is conducted over a one-year monitoring period and covers both suitability and effectiveness.

Request a copy of our SOC 2 Report

HIPAA

OnceHub complies with the policies and processes required to protect your data and to satisfy HIPAA and the HITECH Act. All electronic protected health information (ePHI) collected, stored, and distributed by OnceHub products is encrypted both at rest and in transit, ensuring the highest level of security.

View our Business Associate Agreements

FERPA

We provide educators and other members of the education community with the tools necessary to maintain compliance with the Family Educational Rights and Privacy Act (FERPA). We have multiple checks in place to ensure that only authorized users have access to data. As the data controller, educational organizations can export, correct, and share their OnceHub data as they see fit.