Enterprise-grade protection

Security at Gaffer

Your trust is our priority. We implement industry-leading security practices to protect your business data.

GDPR
Compliant with EU General Data Protection Regulation
UK DPA
Compliant with UK Data Protection Act 2018
ISO 27001
Information security management certification (in progress)
SOC 2
Service Organization Control 2 Type II (in progress)

How we protect your data

Multiple layers of security work together to keep your business data safe.

Encryption at Rest

All data stored in our databases is encrypted using AES-256, the same standard used by banks and governments.

Encryption in Transit

All communications use TLS 1.3, ensuring your data is protected as it travels between your devices and our servers.

Access Controls

Role-based access controls ensure only authorized personnel can access sensitive systems and data.

24/7 Monitoring

Our security team monitors systems around the clock for suspicious activity and potential threats.

UK/EU Data Centres

Your data is stored in secure, certified data centres in the UK and EU, ensuring compliance with local regulations.

Regular Backups

Automated daily backups with 30-day retention and geographic redundancy protect against data loss.

Employee Training

All employees undergo security awareness training and background checks before accessing systems.

Penetration Testing

Regular third-party security assessments and penetration tests identify and address vulnerabilities.

Security FAQ

Where is my data stored?

Your data is stored in secure data centres in the UK and EU. We use AWS infrastructure with enterprise-grade security controls.

Who can access my data?

Only authorized Gaffer employees with a legitimate business need can access customer data. All access is logged and audited.

What happens if there's a security incident?

We have incident response procedures in place. Affected customers will be notified within 72 hours as required by GDPR.

Can I get a security assessment or questionnaire completed?

Yes, enterprise customers can request security documentation and have questionnaires completed. Contact security@getgaffer.com.

Do you offer SSO and 2FA?

Yes, we offer two-factor authentication on all plans. SSO via SAML is available on our Enterprise plan.

Have security questions?

Our security team is happy to answer questions or provide documentation for your review.
