​

• Encryption: TLS in transit; encryption at rest for databases and backups.

• Access: least privilege access; MFA for admin; audited actions.

• Development: secure SDLC, code review, dependency scanning, vulnerability patching.

• Monitoring: centralised logging, alerts, incident response runbook.

• Availability: regular backups; disaster recovery drills.

• Vendors: due diligence for all sub-processors (see sub processors).

​

Last updated: 2025-08-25