We understand that you're entrusting us with sensitive financial data. Security isn't an afterthought—it's built into everything we do.
GDPR Compliance
We've implemented a comprehensive GDPR compliance framework to protect your data and your clients' data.
We've conducted a thorough DPIA to identify and minimise the data protection risks of our processing activities. This is reviewed regularly as our platform evolves.
We maintain a comprehensive record of all processing activities, including the purposes, data categories, retention periods, and security measures for each type of processing.
Our privacy policy clearly explains what data we collect, how we use it, who we share it with, and your rights. It's written in plain English, not legal jargon.
We have documented procedures for handling data subject requests including access, rectification, erasure, and portability. We respond within the statutory timeframes.
Technical Security
We implement comprehensive technical measures to protect personal data against unauthorised access, loss, or destruction.
All data is encrypted using AES-256 encryption when stored.
All data transmissions are protected using TLS 1.3 encryption.
MFA is mandatory for all user accounts accessing the platform.
Access controls are based on the principle of least privilege.
Continuous security monitoring and intrusion detection systems.
Regular automated backups with disaster recovery procedures.
Comprehensive logging of all access and changes for audit trails.
Regular security testing and vulnerability assessments.
Your data never leaves the UK. We use AWS infrastructure based in the London region (eu-west-2), ensuring your sensitive financial data remains within UK jurisdiction at all times.
All data processing and storage occurs exclusively within UK borders.
Organisational Security
Technical measures are only part of the picture. We've also implemented robust organisational practices.
All team members receive regular training on data protection, security awareness, and our internal policies. This ensures everyone understands their responsibilities when handling sensitive data.
We maintain comprehensive policies covering information security, acceptable use, access management, and incident response. These are reviewed and updated regularly.
We have documented procedures for identifying, containing, and reporting data breaches. In the event of a breach, we'll notify affected parties within the statutory timeframes.
We carefully assess the security practices of any third-party suppliers before engaging them, and maintain Data Processing Agreements where required.
Additional Protection
We carry appropriate insurance to provide additional protection and peace of mind.
We carry professional indemnity insurance to protect against claims arising from professional advice, errors, or omissions in our service.
We carry cyber liability insurance covering data breaches, cyber attacks, and related costs including notification and remediation expenses.
We're happy to discuss our security practices in more detail or answer any questions about how we protect your data.