What is the basis for the MailMergic Offline app's HIPAA, PCI, and GDPR compliance?
by Meelika Kivi
These statements are based on the architecture of the app rather than on a certificate. With the offline app, your data never leaves your device, so MailMergic neither stores nor processes it.
This is also why only the offline version is suitable under HIPAA, and why no Business Associate Agreement is required. You can read more in "Is MailMergic HIPAA compliant?"
MailMergic does not hold an independent certification such as ISO 27001 or SOC 2, or a penetration-test attestation, for the offline app specifically. The third-party audit certifications referenced elsewhere belong to the cloud hosting provider and apply to the online service.