B2B buyers check this page before they pay us. Here's everything we'd want to know if we were them.
All photos, check data, and account data are stored in EU regions. Nothing leaves the EU for processing.
Lawful basis documented for each processing activity. Data Processing Agreement available on request for paid plans.
TLS 1.2+ in transit. AES-256 at rest. Database backups encrypted with rotating keys.
Default 90 days. Reduce to 30 or extend up to 7 years on Enterprise — useful for audited supply chains.
Row-level security on every query. Your standards, photos, and verdicts are invisible to other organisations on the platform.
Reports go to your suppliers only when you send them. Nothing is auto-shared, ever.
Daily backups with point-in-time recovery up to 7 days. Disaster recovery tested quarterly.
Every read and write of your data is logged. Audit log available on Enterprise.
Enterprise customers get a signed Data Processing Agreement, a completed security questionnaire (CAIQ-Lite), and an annual penetration test summary on request.