RGT-SEC-01 · Trust & security
The controls behind the infrastructure you report on.
Regtify hosts and secures the calculation, reporting, and data infrastructure that regulated firms and their service providers depend on. This page states what is in place today and what we are working towards — and displays no certification we do not hold.
One security posture, shared across the platform.
DART and APEX run on the same core as REGREP. Hosting, encryption, access control, and data protection are shared platform properties — not measures bolted on product by product.
We describe our controls in the terms your own security and compliance teams review, and we separate clearly what is in place today from what is in progress. Where a control is not yet certified, we say so.
What is in place.
What we are working towards.
We are working towards ISO/IEC 27001 and SOC 2. We are not yet certified against either, and we do not display certification badges we do not hold. When certificates are issued, they will appear here with their scope and date.
How client and personal data is handled.
Regtify acts as a data processor on behalf of its clients, who remain the controllers of their data. Personal data is processed only to deliver the reporting and analytics services engaged, in line with UK and EU GDPR.
A Data Processing Agreement, together with details of data residency and sub-processors, is available to clients and prospective clients on request.
Reporting a security concern.
If you believe you have identified a security vulnerability affecting Regtify or any of its products, please contact us so we can investigate and remediate. We acknowledge reports and keep the reporter informed of the outcome.
06 — CONTACT
Speak to our team.
For security questionnaires, due-diligence packs, or a walkthrough of how the infrastructure fits your obligations.