Security First

Your data is protected. We follow industry best practices: TLS in transit, encryption at rest, GDPR compliance, regular security reviews, and Hiscox Cyber Insurance (£1M). Formal certifications (SOC 2, ISO 27001) are on our roadmap — we do not claim them today.

Compliance

We comply with major data protection regulations.

GDPR

Compliant

Full compliance with EU data protection regulations

UK GDPR

Compliant

Compliant with UK data protection laws

CCPA

On roadmap

California Consumer Privacy Act compliance is planned, not yet certified

How We Protect Your Data

Multiple layers of security protect your data at every level.

Encryption in Transit

All data is encrypted using TLS 1.3 when transmitted between your browser and our servers.

Encryption at Rest

Your data is encrypted at rest using AES-256 encryption in our database.

Secure Infrastructure

Hosted on Vercel (frontend) and Supabase (database) with enterprise-grade security.

Access Controls

Role-based access control (RBAC) ensures users only access what they need.

Authentication

Secure authentication with password strength requirements and OAuth support (Google).

Data Residency

Data is stored in secure data centers with high availability and redundancy.

Protected By Design

We implement industry-standard security practices to keep your data safe.

  • Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Regular security updates and dependency monitoring
  • Secure password hashing with bcrypt
  • Protection against common web vulnerabilities (XSS, CSRF, SQL injection)
  • Rate limiting to prevent abuse
  • Comprehensive audit logging
  • Regular database backups
  • Secure session management

Data Privacy

Your data belongs to you. We never sell, share, or use your data for advertising.

0

Data Sales

We never sell your data. Period.

100%

Data Portability

Export all your data anytime.

Data Deletion

Full deletion on request. Contact us for the current turnaround.

Questions about security?

We're happy to answer any questions about how we protect your data.