Compliance, named, scoped, and dated.

Every regulation is listed with scope, posture, and the statutes it actually covers. If we are aligned rather than certified, we say so. If a law is new, we note where we are on the tracking matrix.

HIPAA

HIPAA aligned, BAA available.

Scope: Health system and covered-entity deployments.

  • Business Associate Agreement executed before PHI touches the platform.
  • Field-level encryption for PHI in transit and at rest.
  • Audit trail for every access to PHI, retained per customer policy.
  • Breach notification under the Breach Notification Rule within regulatory timeframes.
  • Workforce training covering HIPAA Privacy and Security Rules annually.

FERPA

FERPA aligned for K-12 and higher-ed deployments.

Scope: School officials with legitimate educational interest pattern.

  • Education records handled under the school-official exception with documented purpose.
  • Directory information respected per district or institution policy.
  • Parent and eligible-student consent flows for K-12 deployments.
  • Annual notification language available for district publication.
  • Data-sharing boundaries documented in the DPA and Order Form.

GDPR

GDPR ready with EU data residency option.

Scope: EU data subjects and EU-based institutional customers.

  • Standard Contractual Clauses (SCCs) available for cross-border transfers.
  • EU data residency available on Enterprise tiers.
  • Data Processing Addendum published and available pre-contract.
  • Data Protection Officer contact routed through privacy@elitesgen.com until separately seated.
  • Records of processing activities maintained per Article 30.

State privacy laws

Tracked by jurisdiction, updated as laws change.

Scope: Named statutes with current coverage posture.

  • CCPA and CPRA (California): consumer request workflow, do-not-sell posture structurally met.
  • NY SHIELD Act: reasonable safeguards documented; breach notification workflow in place.
  • TX SB8 and the Texas Data Privacy and Security Act: consumer rights and controller obligations mapped.
  • VA CDPA: processor obligations documented; DSAR workflow operational.
  • Newer state laws (CO, CT, UT, OR, MT, TN, IA) tracked and added to the matrix as they take effect.

Accessibility

WCAG 2.2 AA, on an ongoing audit cycle.

Scope: Platform UI, admin console, public marketing site.

  • Conformance target: WCAG 2.2 Level AA across the consumer app, admin console, and marketing surfaces.
  • Accessibility audit performed annually by a third-party specialist; remediation tracked publicly for customers.
  • Keyboard-first navigation and screen-reader labels shipped as default component behavior.
  • Color contrast minimums enforced through design tokens.
  • Accessibility statement and accommodation contact available on request for institutional deployments.

Documentation

Need a BAA, DPA, or jurisdiction letter?

We publish what we can and execute the rest under mutual NDA. Turnaround is usually two business days or fewer.

Foundation-backed

Elitesgen, Inc. is wholly owned by Elites Generation Foundation, a 501(c)(3) whose charter legally forbids behavioral advertising and the sale of individual user data.

Visit elitesgen.org

Next step

Bring a jurisdiction-specific diligence question.

We scope demos to your regulatory context. Health system, school district, EU institution, municipal. The compliance answer is different for each, and it should be.