Compliance Standards
Purpose:Labs is committed to maintaining the highest standards of data protection and privacy compliance across all jurisdictions where we operate.
Global Privacy Commitment
We proactively comply with major international data protection laws and industry standards, ensuring your personal information is protected regardless of your location.

ICF AI Coaching Standards
Global
International Coaching Federation AI Coaching Standards for Data Privacy
Professional standards for AI-powered coaching services that ensure ethical use of AI and protection of client data in coaching relationships.
Key Requirements
- Transparent AI usage disclosure to clients
- Human oversight of AI coaching interactions
- Confidentiality of coaching conversations
- Secure storage and transmission of coaching data
- Client consent for AI processing
- Regular review of AI bias and fairness
How We Comply
We maintain transparency about AI usage, ensure human coach oversight, implement encryption at rest and in transit for coaching sessions, and regularly audit our AI systems for bias and ethical compliance.

GDPR
EU & UK
General Data Protection Regulation
The GDPR is the EU's comprehensive data protection law that governs how personal data of EU residents is collected, processed, and stored.
Key Requirements
- Lawful basis for processing personal data
- Data subject rights (access, rectification, erasure, portability)
- Data protection by design and by default
- Data breach notification within 72 hours
- Privacy impact assessments for high-risk processing
How We Comply
We implement technical and organizational measures to ensure GDPR compliance, including encryption at rest and in transit, clear consent mechanisms, comprehensive privacy notices, and robust data subject rights processes.

FADP
Switzerland
Federal Act on Data Protection
Switzerland's updated data protection law that aligns with GDPR principles while maintaining specific Swiss requirements.
Key Requirements
- Transparency in data processing
- Data subject rights similar to GDPR
- Data protection by design
- Cross-border data transfer restrictions
- Data breach notification requirements
- Regular data protection impact assessments
How We Comply
Our GDPR-aligned practices ensure FADP compliance, with additional safeguards for Swiss data subjects and appropriate transfer mechanisms for international data flows.

CCPA/CPRA
USA
California Consumer Privacy Act / California Privacy Rights Act
California's comprehensive privacy law that grants consumers specific rights regarding their personal information.
Key Requirements
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of sale of personal information
- Right to non-discrimination for exercising privacy rights
- Right to correct inaccurate personal information
- Right to limit use of sensitive personal information
How We Comply
We provide clear privacy notices, honor all consumer rights requests, do not sell personal information, and implement opt-out mechanisms for California residents.

PIPEDA
Canada
Personal Information Protection and Electronic Documents Act
Canada's federal privacy law that governs how private sector organizations collect, use, and disclose personal information.
Key Requirements
- Consent for collection, use, and disclosure
- Limiting collection to necessary purposes
- Accuracy of personal information
- Safeguards for personal information
- Openness about privacy practices
- Individual access to personal information
How We Comply
We follow PIPEDA's ten privacy principles, obtain meaningful consent, limit data collection to stated purposes, and provide individuals with access to their personal information.

LGPD
Brazil
Lei Geral de Proteção de Dados
Brazil's general data protection law inspired by GDPR, regulating the processing of personal data in Brazil.
Key Requirements
- Legal basis for processing personal data
- Data subject rights (access, correction, deletion, portability)
- Data protection by design and by default
- Data breach notification
- Privacy impact assessments
How We Comply
Our GDPR-compliant framework ensures LGPD compliance, with Portuguese-language privacy notices and appropriate legal bases for processing Brazilian personal data.

PDPA
Singapore
Personal Data Protection Act
Singapore's comprehensive data protection law that regulates the collection, use, disclosure, and care of personal data.
Key Requirements
- Consent for collection, use, and disclosure
- Purpose limitation and notification
- Data accuracy and protection
- Retention limitation
- Data breach notification
- Transfer limitation for personal data
How We Comply
We implement PDPA-compliant consent mechanisms, purpose limitation practices, security safeguards, and appropriate cross-border transfer safeguards for Singapore personal data.

Our Implementation Approach
Privacy by Design
We embed privacy considerations into every aspect of our platform development, from initial design through deployment and ongoing operations.
Technical Safeguards
Secure data transmission, access controls, and regular security audits protect your data at every stage of processing.
Organizational Measures
Clear policies, staff training, incident response procedures, and regular compliance reviews ensure consistent protection standards.
Data Subject Rights
We provide easy-to-use tools for exercising your rights, including data access, correction, deletion, and portability requests.
Cross-Border Transfers
We use adequacy decisions, standard contractual clauses, and additional safeguards to ensure lawful international data transfers.
Continuous Monitoring
Regular compliance assessments, privacy impact assessments, and monitoring of regulatory changes keep our practices current and effective.

Our compliance practices are regularly reviewed and updated to ensure continued alignment with evolving regulations.
Last reviewed: August 18, 2025