Security at Gaffer
Your trust is our priority. We implement industry-leading security practices to protect your business data.
How we protect your data
Multiple layers of security work together to keep your business data safe.
Encryption at Rest
All data stored in our databases is encrypted using AES-256, the same standard used by banks and governments.
Encryption in Transit
All communications use TLS 1.3, ensuring your data is protected as it travels between your devices and our servers.
Access Controls
Role-based access controls ensure only authorized personnel can access sensitive systems and data.
24/7 Monitoring
Our security team monitors systems around the clock for suspicious activity and potential threats.
UK/EU Data Centres
Your data is stored in secure, certified data centres in the UK and EU, ensuring compliance with local regulations.
Regular Backups
Automated daily backups with 30-day retention and geographic redundancy protect against data loss.
Employee Training
All employees undergo security awareness training and background checks before accessing systems.
Penetration Testing
Regular third-party security assessments and penetration tests identify and address vulnerabilities.
Security FAQ
Where is my data stored?
Your data is stored in secure data centres in the UK and EU. We use AWS infrastructure with enterprise-grade security controls.
Who can access my data?
Only authorized Gaffer employees with a legitimate business need can access customer data. All access is logged and audited.
What happens if there's a security incident?
We have incident response procedures in place. Affected customers will be notified within 72 hours as required by GDPR.
Can I get a security assessment or questionnaire completed?
Yes, enterprise customers can request security documentation and have questionnaires completed. Contact security@getgaffer.com.
Do you offer SSO and 2FA?
Yes, we offer two-factor authentication on all plans. SSO via SAML is available on our Enterprise plan.