Security & Compliance
Your building safety data is some of the most sensitive information in construction. We take that seriously.
How We Protect Your Data
UK Data Centres
Hosted in UK data centres (Supabase London region)
AES-256 Encryption
Military-grade encryption for all data at rest
TLS 1.2+ in Transit
Encrypted connections for all data in transit
SOC 2 Type II
Certification in progress, Q2 2026
GDPR Compliant
Full compliance with UK GDPR requirements
Security Testing
Regular vulnerability assessment and penetration testing programme
Immutable Audit Logs
Complete, tamper-proof record of all actions
Role-Based Access
Granular permissions for every user
Two-Factor Auth
2FA available for all accounts
SSO/SAML
Enterprise single sign-on support
Service Availability
Availability commitments defined in enterprise agreements
Daily Backups
30-day retention with point-in-time recovery
Certifications & Compliance
ISO 27001
In Progress
SOC 2 Type II
In Progress
Cyber Essentials Plus
In Progress
GDPR
Compliant
UK GDPR
Compliant
UK Data Residency
Customer data is stored in UK data centres via Supabase (London region). The production application is hosted on Vercel with compute in UK/EU regions. We do not store building safety records outside the United Kingdom.
- Primary database: Supabase (London, UK)
- Encryption at rest and in transit
- Daily backups with tested restore procedures
- Segregated staging and production environments
UK Data Centres
Supabase — London region
Security Questions?
Our security team is available to discuss your specific requirements, provide security documentation, or arrange a security review.