TrustTrust · Compliance

Compliance and data protection

We operate within established regulatory frameworks and provide the documentation, agreements, and tooling our customers need to demonstrate their own compliance.

We operate within established regulatory frameworks and provide the documentation, agreements, and tooling our customers need to demonstrate their own compliance.

GDPR compliance
  • Full compliance with the EU General Data Protection Regulation, including lawful basis documentation for all processing activities
  • Data subject rights automation for access, rectification, erasure, and portability requests with verified response within 30 days
  • Privacy-by-design architecture with data minimisation, purpose limitation, and storage limitation built into every product feature
Data processing agreements
  • Standard contractual clauses and bespoke DPAs available for all customers, covering sub-processor lists, audit rights, and breach notification obligations
  • Transparent sub-processor registry with advance notification of changes and the right to object
  • Annual review cycle ensuring agreements remain aligned with evolving regulatory requirements
Cross-border transfers
  • EU-approved standard contractual clauses for all international data transfers outside the European Economic Area
  • Transfer impact assessments conducted for each destination country, evaluating legal frameworks and supplementary safeguards
  • Data residency options allowing customers to specify storage within the EU, UK, or other supported regions
Regulatory reporting
  • Automated audit trail generation for all data access, processing, and deletion events with tamper-evident logging
  • Pre-built regulatory report templates for GDPR Article 30 records of processing, DPIA summaries, and breach notifications
  • On-demand compliance dashboards showing real-time status of data processing activities and consent records

Need the full evidence pack?

Request our comprehensive trust pack containing the security whitepaper, available SOC 2 Type II programme artefacts (subject to programme status), data processing agreement template, sub-processor list, and penetration test executive summary. Available to prospective and current customers under NDA.