How we protect
your data.
We are not independently certified — yet.
We do not hold SOC 2, ISO 27001, HIPAA or PCI-DSS certification, and we don't offer a contractual uptime SLA. Plenty of companies our size put those badges on the page anyway. We won't. If your procurement process requires a certification we don't have, tell us — we'll say so honestly rather than waste your time.
What we can do is walk you through exactly how the system is built, where your data lives, and who can reach it. Ask us anything.
The controls that are real.
Encryption
Your data is encrypted in transit over HTTPS/TLS, and encrypted at rest by our cloud database provider.
- ✓TLS for all traffic
- ✓Encryption at rest
- ✓No data sold or shared
Access control
Every user gets a role. People see the records their role allows and nothing more. Admins control who can view, edit and approve.
- ✓Role-based permissions
- ✓Per-user accounts
- ✓Admin-managed roles
Audit logs
Key actions in the system are recorded with who did what and when, so you can trace any change back to a person.
- ✓Action history
- ✓Attributed to a user
- ✓Exportable on request
Your data stays yours
Your business data belongs to you. We don't sell it, and we don't train public models on it. Ask us for an export at any time and we'll give you one.
- ✓Export on request
- ✓Deletion on request
- ✓No resale of your data
Found a vulnerability?
Email us and we'll look at it. We don't have a bug bounty programme, but we will always credit you and fix what you find.