SECURITY
Security & Data Handling
Your operational data is sensitive. Here's exactly how we protect it throughout every stage of our engagement.
Infrastructure Security
- ✓ All production systems run on AWS (eu-west-2, London region)
- ✓ Data encrypted at rest (AES-256) and in transit (TLS 1.3)
- ✓ Private S3 buckets with CloudFront OAC: no direct public access
- ✓ Regular security patches and dependency updates
Access Control
- ✓ Role-based access control (RBAC) on all command suites
- ✓ Row-level security (RLS) on database tables via Supabase
- ✓ Multi-factor authentication available for admin portals
- ✓ Principle of least privilege across all service accounts
Data Protection
- ✓ GDPR-aligned data handling practices
- ✓ Data processing agreements available on request
- ✓ Client data never used for training or shared with third parties
- ✓ Data deletion upon contract termination (with export option)
Development Practices
- ✓ Code version control via private GitHub repositories
- ✓ Separate development, staging, and production environments
- ✓ Webhook endpoints secured with HMAC signatures
- ✓ Full audit trail on all document and approval actions