Compliance

src/app/additional-content/compliance-measures/page.md

@@ -0,0 +1,25 @@
+---
+title: Compliance measures
+---
+
+## SOC 2 Type 2
+
+System and Organization Control 2 Type 2 (**[SOC 2](https://www.aicpa-cima.com/topic/audit-assurance/audit-and-assurance-greater-than-soc-2)**) is a compliance framework developed by the American Institute of Certified Public Accountants (**[AICPA](https://us.aicpa.org/forthepublic)**) that focuses on how an organization's services remain secure and protect customer data. The framework contains 5 Trust Services Categories (**[TSCs](https://www.schellman.com/blog/soc-examinations/soc-2-trust-services-criteria-with-tsc)**), which contain criteria to evaluate the controls and service commitments of an organization.
+
+**Replay has a SOC 2 Type 2 attestation for Security, Confidentiality, and Availability**.
+
+More information is available at [security practices](additional-content/security-practices)
+
+## GDPR
+
+The EU General Data Protection Regulation (GDPR), is a comprehensive data protection law that governs the use, sharing, transfer, and processing of EU personal data. For UK personal data, the provisions of the EU GDPR have been incorporated into UK law as the UK GDPR
+
+Replay supports GDPR compliance, which means that we commit to the following:
+
+- Implement and maintain appropriate technical and organizational security measures surrounding customer data
+- Notify our customers without undue delay of any data breaches
+- Impose similar data protection obligations on our sub-processors as we do for ourselves
+- Respond to applicable **[data subjects rights](https://vercel.com/legal/privacy-policy#eea)**, including requests for access, correction, and/or deletion of their personal data
+- Rely on the EU Standard Contractual Clauses and the UK Addendum as valid data transfer mechanisms when transferring personal data outside the EEA
+
+For more information on how Replay protects your personal data, and the data of your customers, refer to our **[Privacy Policy](https://vercel.com/legal/privacy-policy)** or request our **Data Processing Addendum**.

src/app/additional-content/security-practices/page.md

@@ -2,20 +2,16 @@
 title: Security practices
 ---
 
+## Overview
+
 Security has always been a top priority at Replay. We have focused on making all aspects of the service secure, including product design, server architecture, and employee access. Now, automated monitoring through [Vanta ](https://www.vanta.com/)with formal policies that allow us to stay up to date on our security posture at all times.
 
 We do our best to document our approach to Software Development, Encryption, Authentication, Access Control and other topics in our [Security and Privacy](https://www.replay.io/security-privacy) page.
 
 Feel free to reach out to <[email protected]> if you would like more information about our security practices or a copy of our SOC 2 Type 1 and Type 2 reports.
 
----
-
 ## Security Baseline
 
-### Compliance with SOC2 Type ||
-
-We began our SOC2 journey in late 2021 and made improvements to our security posture across all aspects of our operations. _We’re never done working on our security program and we’re committed to sharing information about our security improvements going forward._
-
 ### Strong Identity and Access Management Practices
 
 We access our AWS Console and APIs using SSO. Additionally it’s common to use IAM User Credentials for services but this is almost never necessary, and instead we’ve opted to use IAM Roles for our workloads.

src/lib/navigation.ts

@@ -385,6 +385,10 @@ export const navigation: NavigationItem[] = [
     href: '/additional-content',
     icon: 'university',
     links: [
+      {
+        title: 'Compliance measures',
+        href: '/additional-content/compliance-measures',
+      },
       {
         title: 'Privacy principles',
         href: '/additional-content/privacy-principles',