When our customers make a request to an organisation, we ensure that all data is encrypted and only the designated recipient of the request (e.g. the Data Protection Officer) is able to view the data.
When organisations respond to requests, data is encrypted in such a way that even we cannot view this data; it is encrypted with the subject’s public key. The private key is stored on the customer’s phone; we have no access to this.
We use advanced levels of data encryption at rest and in transit at the message and transport layer including use of the following:
You can read more about our Security Policy here.
We take security seriously which is why we’ve been assessed and certified for addressing cybersecurity effectively and mitigating the risk from Internet-based threats.