Security

We take the security of your information seriously and use technical and organisational measures designed to protect personal data and platform data from unauthorised access, loss, misuse, alteration, or disclosure.

 

Our security approach

Security is built into how we design, build, and operate our services. We aim to apply safeguards that are proportionate to the sensitivity of the information we process and the risks involved.

We also review our controls regularly and update them as our services and threat landscape change.

 

Measures we use

Depending on the system or process, our security controls may include:

  • Role-based access controls.
  • Strong authentication measures.
  • Encryption where appropriate, including during transmission and, where suitable, at rest.
  • Logging and monitoring of key activity.
  • Vulnerability management and timely patching.
  • Secure software development and change control.
  • Backup and recovery procedures.
  • Incident response and escalation processes.
  • Staff privacy and security awareness training.
  • Contractual and security reviews of third-party providers.

 

Data protection by design

We aim to build privacy and security into our products and processes from the start.

That means we consider data minimisation, access limitation, secure defaults, and the protection of user information when developing or changing our services.

 

Third-party providers

We may use third-party providers to host, support, analyse, or deliver parts of our services.

Where we do, we assess their security and privacy commitments and require appropriate contractual protections. We expect our providers to maintain safeguards that are suitable for the data and services they handle on our behalf.

 

Monitoring and improvement

We monitor our systems and processes to help detect and respond to security issues.

When we identify weaknesses, we take appropriate steps to investigate, remediate, and reduce the chance of recurrence. This may include policy updates, technical changes, staff training, or changes to supplier arrangements.

 

Breach response

If we become aware of a personal data breach, we investigate it promptly, assess the risk to affected individuals, preserve relevant evidence, and take appropriate remediation measures.

Where required by law, we will notify the Information Commissioner’s Office and affected individuals without undue delay.

 

Your part in security

You can help protect your account and information by:

  • Using a strong, unique password.
  • Keeping login details confidential.
  • Signing out of shared devices.
  • Being cautious about suspicious emails or messages.
  • Contacting us promptly if you suspect unauthorised access.

 

Contact

If you have security concerns or suspect an issue affecting your account or personal data, please contact us via contact us page.