Trust Centre
We protect our clients' most sensitive information and systems. Here is how we earn and maintain that trust through rigorous security practices, compliance, and transparency.
Security Practices
We apply the same security rigor to our own infrastructure that we recommend to our clients. Here are the key practices that underpin our operations.
All data is encrypted at rest using AES-256 and in transit using TLS 1.3. We enforce encryption across all client communications, storage systems, and internal tools.
Our internal systems follow zero-trust principles. Every access request is verified, authenticated with MFA, and logged. No implicit trust is granted to any user or device.
Our own SOC monitors our infrastructure 24/7 with the same rigor we apply to client environments. Anomalies are investigated within minutes, not hours.
Production systems run on hardened, regularly patched infrastructure with network segmentation, intrusion detection, and automated vulnerability scanning.
All team members undergo background checks, sign NDAs, and complete security awareness training quarterly. Access follows least-privilege principles.
Comprehensive disaster recovery and business continuity plans are tested annually. Redundant systems and backups ensure service availability.
Compliance Certifications
Our compliance posture is validated through independent audits and certifications.
Our security controls are independently audited against AICPA Trust Service Criteria. SOC 2 Type II reports are available to clients under NDA.
Our information security management system is aligned with ISO 27001 standards, covering risk management, access control, and incident response.
We process personal data in accordance with GDPR requirements, including data minimization, purpose limitation, and data subject rights.
Our infrastructure and processes are designed to support HIPAA compliance for healthcare clients, with BAAs available upon request.
Data Handling
We take data stewardship seriously. Here is how we handle client data.
Incident Response
In the event of a security incident affecting our systems or client data, we follow a rigorous response process.
Automated monitoring and analyst investigation identify potential security incidents within our environment or affecting client data.
Incidents are classified by severity and impact. Affected clients are notified within 24 hours of confirmed incidents per contractual obligations.
Immediate containment actions are taken to prevent further damage, followed by root cause analysis and full remediation.
A thorough post-incident review is conducted, lessons learned are documented, and preventive measures are implemented to avoid recurrence.
Our security team is available to discuss our practices, provide compliance documentation, or address any security concerns you may have.