Your data security is our top priority

Your data is securely stored and processed on Google Cloud Platform (GCP), a globally recognised cloud provider known for its robust security infrastructure and stringent controls. For our European customers, all data is stored and processed exclusively in Europe. GCP complies with industry standards including ISO 27001, SOC 2, and GDPR, ensuring a secure and resilient environment.

All data transmitted between clients, servers, and external services is protected using Transport Layer Security (TLS) encryption (HTTPS). This prevents unauthorised interception, eavesdropping, tampering, and forgery of your sensitive information.

We implement strong cryptographic techniques to safeguard your most sensitive information:

• •Argon2 cryptographic hashing for all credentials and passwords
• •Data masking and tokenisation for additional security layers
• •Strict access restrictions with comprehensive logging and monitoring

Multi-layered access controls protect your data from unauthorised access:

• •Multi-Factor Authentication (MFA) via email verification
• •SAML 2.0 Single Sign-On (SSO) with Okta, PingIdentity, and other providers
• •OAuth 2.0 integration with Google Authentication
• •Role-Based Access Control (RBAC) ensuring least-privilege access
• •Comprehensive audit logging and anomaly monitoring

We fully comply with UK data protection laws, including the Data Protection Act (DPA) and UK GDPR. Our practices ensure:

• •Compliant processing and storage of Personally Identifiable Information (PII)
• •Data retention policies aligned with legal and industry standards
• •Full customer control over data access, modification, and deletion rights

We are in the final stages of achieving SOC 2 Type II certification. This independent audit validates that our security, availability, and confidentiality controls meet industry-recognised standards, further reinforcing our commitment to protecting your data.