Security & Compliance

Your data, safeguarded by enterprise-grade controls and transparent processes.

Information security is embedded in every stage of our engineering and operations. Below is a summary of key practices and our compliance roadmap. Detailed artefacts, including architecture diagrams and policy documents, are available under NDA.

Defence-in-Depth

Encryption, VPC isolation and zero-trust access controls at every layer.

Compliance Ready

SOC 2, GDPR and HIPAA alignment with documentation you can review.

Transparent Audits

Annual third-party pen-tests & continuous vulnerability scanning.

Operational controls

  • Encryption at rest & in transit (TLS 1.2+, AES-256).
  • Single-tenant data isolation for enterprise plans.
  • Least-privilege IAM with quarterly access reviews.
  • 24/7 intrusion detection & continuous dependency scanning (Snyk).
  • Annual CREST-certified penetration testing – reports on request.
  • Automated backups with 35-day retention & verified restores.

Compliance status & roadmap

SOC 2 Type II

Audit in progress – report available Q4 2025.

ISO 27001

Planned certification during 2026.

GDPR

EU data residency and SCC-backed DPA available.

Need a security questionnaire or architecture diagram?