Your data is protected by enterprise-grade security measures.
All CompliTraceAI data is hosted exclusively in the United Kingdom using Amazon Web Services (AWS) in the eu-west-2 (London) region. Your data never leaves UK jurisdiction. This ensures compliance with UK data protection regulations and provides the lowest latency for UK-based customers.
All data stored on our servers is encrypted using AES-256 encryption. Database backups are also encrypted with separate keys managed through AWS KMS.
All communications between your browser and our servers are encrypted using TLS 1.3. API endpoints enforce HTTPS-only access.
Encryption keys are rotated regularly and stored in hardware security modules (HSMs) through AWS KMS with strict access controls.
CompliTraceAI is fully compliant with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Key measures include:
A SOC 2 compliance audit is in progress. Expected completion: Q3 2026. We are implementing controls across the security, availability, and confidentiality trust principles.
Quarterly third-party penetration tests are conducted. The most recent test was completed with no critical findings. Full reports are available to Enterprise customers.
ISO 27001 certification is on our roadmap for 2027, building on our SOC 2 foundation.
If you discover a security vulnerability in CompliTraceAI, we encourage you to report it responsibly. We will acknowledge receipt within 24 hours and aim to resolve critical issues within 48 hours.
Please email: security@complitraceai.com
We do not currently operate a bug bounty program but will acknowledge and credit researchers in our security changelog.