All data is accessible worldwide. Stored on AWS – Hosted within an EEA member state.
We use Amazon AWS for assorted additional service: Mainly DNS, processing (only in AWS’s London datacenter), and storage of static files.
Images are processed using ImgIX.
Payment information
We use third-party services for all of our payment processing. At no point does sensitive credit card or bank account details pass through our services.
Data at rest
All data is encrypted at rest, and the physical hard drives the data stores operate on are also encrypted.
Data in motion
All data from service to service and service to client transferred via https (sha256RSA), or other secure method.
Other notes
We have a privacy program and privacy policy, which is displayed on every website we operate.
The policy has been reviewed by Counsel to comply with the laws of England & Wales
We are EU-US Safe Harbor compliant.
We have a retention policy in place to handle the disposal of personal information.
We operate a risk assessment program internally.
We have an information security policy
We are registered with the ICO.
We have acceptable use clauses in our Terms of Service.
We have no physical infrastructure. Our supplies are assessed via their accreditation.
Regarding third party services we use, a full security audit, including vendors, is performed at least every 6 months.
Network traffic is stored to allow historical and incident research.
We have a social media policy.
We conduct regular penetration testing against our infrastructure.