Data Security

All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS) 1.3, the industry standard for secure communications.

Our infrastructure is built on secure, enterprise-grade platforms with multiple layers of protection:

• •Cloud hosting — Secure cloud infrastructure with 99.9% uptime SLA
• •Network security — Firewalls, DDoS protection, and intrusion detection
• •Access controls — Multi-factor authentication and role-based access
• •Regular updates — Automated security patches and system updates
• •Monitoring — 24/7 security monitoring and threat detection

We implement strict access controls to ensure only authorised personnel can access your data:

• •Multi-factor authentication (MFA) required for all staff accounts
• •Role-based access controls — staff only see data necessary for their role
• •Regular access reviews and permission audits
• •Activity logging and monitoring for all data access
• •Immediate revocation of access when staff leave

We follow secure data handling practices throughout our operations:

• •Minimal data collection — We only collect information necessary for our services
• •Secure document storage — All uploaded documents are encrypted and stored securely
• •Data minimisation — We only share data with lenders you explicitly approve
• •Secure deletion — Data is securely deleted when no longer needed

When we work with third-party service providers, we ensure they meet our security standards:

• •All service providers are vetted for security compliance
• •Data processing agreements with strict confidentiality requirements
• •Regular security assessments of third-party services
• •We only use providers that are GDPR-compliant and UK-based where possible

We have procedures in place to respond quickly to any security incidents:

• •24/7 security monitoring and alerting
• •Incident response plan with defined procedures
• •Immediate containment and investigation of any security issues
• •Notification to affected users and relevant authorities as required by law
• •Post-incident review and security improvements

We maintain compliance with relevant data protection and security standards:

• •UK GDPR — Full compliance with UK General Data Protection Regulation
• •Data Protection Act 2018 — Compliance with UK data protection legislation
• •FCA Regulations — Adherence to Financial Conduct Authority requirements
• •ICO Registration — Registered with the Information Commissioner's Office

You can help keep your data secure by:

• •Using a strong, unique password for your account
• •Not sharing your login credentials with anyone
• •Logging out when using shared devices
• •Keeping your contact information up to date
• •Reporting any suspicious activity immediately

If you have questions about our security practices or wish to report a security concern, please contact us: