Security & data

Your photos. Your standards. Your data.

B2B buyers check this page before they pay us. Here's everything we'd want to know if we were them.

EU data residency

All photos, check data, and account data are stored in EU regions. Nothing leaves the EU for processing.

GDPR-compliant by default

Lawful basis documented for each processing activity. Data Processing Agreement available on request for paid plans.

Encrypted at rest and in transit

TLS 1.2+ in transit. AES-256 at rest. Database backups encrypted with rotating keys.

Photo retention you control

Default 90 days. Reduce to 30 or extend up to 7 years on Enterprise — useful for audited supply chains.

Tenant isolation

Row-level security on every query. Your standards, photos, and verdicts are invisible to other organisations on the platform.

No supplier sharing without action

Reports go to your suppliers only when you send them. Nothing is auto-shared, ever.

Backups & recovery

Daily backups with point-in-time recovery up to 7 days. Disaster recovery tested quarterly.

Access logging

Every read and write of your data is logged. Audit log available on Enterprise.

Need a DPA, security questionnaire, or pen-test summary?

Enterprise customers get a signed Data Processing Agreement, a completed security questionnaire (CAIQ-Lite), and an annual penetration test summary on request.