Regtify | Trust & security — hosting, encryption & data protection

RGT-SEC-01 · Trust & security

The controls behind the infrastructure you report on.

Regtify hosts and secures the calculation, reporting, and data infrastructure that regulated firms and their service providers depend on. This page states what is in place today and what we are working towards — and displays no certification we do not hold.

01 — POSTURE

One security posture, shared across the platform.

DART and APEX run on the same core as REGREP. Hosting, encryption, access control, and data protection are shared platform properties — not measures bolted on product by product.

We describe our controls in the terms your own security and compliance teams review, and we separate clearly what is in place today from what is in progress. Where a control is not yet certified, we say so.

02 — CONTROLS

What is in place.

Hosting
Amazon Web Services
Applications and client data run on AWS cloud infrastructure.
In place
Encryption
At rest & in transit
Client data is encrypted while stored and while moving between systems.
In place
Access control
Role-based · least privilege
Access to systems and client data is restricted to authorised personnel on a role-based, least-privilege basis.
In place
Backups
Automated · recoverable
Data is backed up on an automated schedule, with documented restoration procedures.
In place
Monitoring
Logging & oversight
Infrastructure and application activity is logged to support operational oversight and incident review.
In place
Data protection
UK & EU GDPR
Personal data is processed in line with UK and EU GDPR.
In place
03 — CERTIFICATION

What we are working towards.

We are working towards ISO/IEC 27001 and SOC 2. We are not yet certified against either, and we do not display certification badges we do not hold. When certificates are issued, they will appear here with their scope and date.

ISO/IEC 27001Information security management
In progress
SOC 2Service organisation controls
In progress
UK & EU GDPRData protection compliance
In place
04 — DATA PROTECTION

How client and personal data is handled.

Regtify acts as a data processor on behalf of its clients, who remain the controllers of their data. Personal data is processed only to deliver the reporting and analytics services engaged, in line with UK and EU GDPR.

ON REQUEST

A Data Processing Agreement, together with details of data residency and sub-processors, is available to clients and prospective clients on request.

05 — RESPONSIBLE DISCLOSURE

Reporting a security concern.

If you believe you have identified a security vulnerability affecting Regtify or any of its products, please contact us so we can investigate and remediate. We acknowledge reports and keep the reporter informed of the outcome.

06 — CONTACT

Speak to our team.

For security questionnaires, due-diligence packs, or a walkthrough of how the infrastructure fits your obligations.