Technical and organisational measures to ensure the security of Personal Data |
Technical measures
All workloads run on Google Cloud Platform (GCP), deployed strictly in EU regions (London or other EU zones only).
MongoDB (EU region) is our primary database. Data is encrypted at rest with AES-256 and encrypted in transit (TLS). We maintain periodic automated backups of all production databases with secure storage and controlled access. Qdrant (EU region) is used as our vector database, and Redis Cloud (EU region) is used for caching.
Access to infrastructure is restricted via IAM, MFA-enforced accounts and least-privilege roles. Services run in private networks with firewalls and VPC-level isolation.
Monitoring, alerting and log management are handled by Datadog, configured within EU regions. We use Vanta to continuously monitor our security position and maintain compliance with ISO27001:2022 and SOC2 frameworks.
All software is kept up-to-date and security updates are installed as soon as reasonably possible.
Organisational measures
Operational practices include regular patching, vulnerability scanning, penetration testing and maintaining incident management and response processes. All employees and third-party agents are made fully aware of their individual responsibilities under the UK GDPR.
|