Trust Center

Our security practices

We apply the same rigor to our own environment that we recommend to clients. Here's a summary of how we protect the systems and data we're trusted with.

Organisational security

All employees and contractors undergo background checks where legally permitted, sign confidentiality agreements, and complete security awareness training during onboarding and annually thereafter. Access to client systems and data is granted on a least-privilege, need-to-know basis and reviewed on a regular cadence.

Data protection

Data is encrypted in transit using TLS 1.2 or higher and at rest using industry-standard encryption. Production environments are logically separated from development and staging, and access to production data is restricted and logged.

Infrastructure & monitoring

  • Continuous monitoring of internal systems and endpoints
  • Centralized logging with defined retention periods
  • Regular vulnerability scanning and periodic third-party penetration testing of our own environment
  • Documented incident response and escalation procedures

Vendor & third-party risk

We maintain an inventory of subprocessors and third-party vendors that touch client data, and we review their security posture before onboarding and on an ongoing basis.

Business continuity

We maintain documented business continuity and disaster recovery procedures, including regular backups and periodic recovery testing, to minimize disruption in the event of an incident.

Questions about our practices

Enterprise customers and prospects can request additional detail, including summaries of recent assessments, through our Contact page.