We are dedicated to providing world-class data protection standards to ensure your data's safety and compliance with regulatory requirements.
Our infrastructure is hosted on servers within the European Union, enabling us to meet the specific regulatory and compliance needs of European organisations. We utilise Microsoft Azure, which holds multiple certifications and attestations, including ISO 27001, SOC 1, SOC 2 and SOC 3, and supports HIPAA and GDPR compliance programmes. All data is encrypted both in transit and at rest with strong encryption (AES-256).
Assess Finance is committed to complying with the General Data Protection Regulation (GDPR) and assisting our customers in achieving compliance.
Our hosting environment is fully redundant and includes disaster recovery procedures. Our cloud hosting providers, including Google Cloud Platform, maintain several certifications for their data centres, such as ISO 27001, PCI DSS and SOC reports. More information on their certifications and compliance can be found on the Google Cloud Platform security site.
We perform daily automated backups of our databases to ensure data safety and availability.
We maintain detailed logs to provide a high-resolution trail of actions performed across the platform, aiding in incident investigations if needed.
All user data is securely transported with encryption in transit via TLS, protecting it from unauthorised access, modification, and man-in-the-middle attacks. We use TLS 1.3 with 256-bit cipher suites, with both ECDSA and RSA keys supported for server authentication.
Beyond standard encryption in transit and at rest (AES-256), we also utilise encryption in use in our database: sensitive fields are encrypted at the application layer, so the database itself only ever holds ciphertext. This ensures sensitive data remains encrypted during database operations, protecting it from exposure during maintenance and service activities.
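The pattern described above, application-level encryption of individual sensitive columns, looks roughly like the following. This is an added illustration written for this page, not Assess Finance's own code or a description of its implementation; the record identifier, column name, key-version prefix and the sample IBAN value are all constructed for the demo. Each value is sealed with AES-256-GCM under a key the application holds, and the record ID and column name are bound in as additional authenticated data, so a ciphertext that a database operator copies into another row or column fails to decrypt rather than silently revealing the wrong customer's data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Stored-value layout (an assumption for this example):
//   "v<keyVersion>:" + base64(nonce || ciphertext || GCM tag)
// Carrying the key version in the value lets the data-encryption key be rotated
// without re-encrypting every row in one go.

// aad binds a ciphertext to one key version, one record and one column. The same
// bytes must be presented on decryption, so a value copied into another row or
// column (by a curious operator or a buggy migration) fails the GCM tag check.
func aad(version int, recordID, column string) []byte {
	return []byte(fmt.Sprintf("v%d|%s|%s", version, recordID, column))
}

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("data-encryption key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptField seals one sensitive column value under the application-held key
// before the value is written; the database, its backups and anyone with direct
// access to it only ever see the opaque string this returns.
func EncryptField(key []byte, version int, recordID, column string, plaintext []byte) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize()) // 96-bit random nonce, fresh per value
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := gcm.Seal(nonce, nonce, plaintext, aad(version, recordID, column)) // nonce || ct || tag
	return "v" + strconv.Itoa(version) + ":" + base64.StdEncoding.EncodeToString(sealed), nil
}

// DecryptField reverses EncryptField, looking the key up by version. Any mismatch
// (wrong key, edited ciphertext, value moved to another record or column) surfaces
// as one opaque error so the caller cannot tell which check failed.
func DecryptField(keys map[int][]byte, recordID, column, stored string) ([]byte, error) {
	prefix, b64, ok := strings.Cut(stored, ":")
	if !ok || !strings.HasPrefix(prefix, "v") {
		return nil, errors.New("malformed stored value")
	}
	version, err := strconv.Atoi(prefix[1:])
	if err != nil {
		return nil, errors.New("malformed key version")
	}
	key, ok := keys[version]
	if !ok {
		return nil, fmt.Errorf("no data-encryption key for version %d", version)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	raw, err := base64.StdEncoding.DecodeString(b64)
	if err != nil || len(raw) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("malformed ciphertext")
	}
	nonce, ct := raw[:gcm.NonceSize()], raw[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, aad(version, recordID, column))
	if err != nil {
		return nil, errors.New("decryption failed: wrong key, tampered value, or value bound to another record/column")
	}
	return pt, nil
}

func main() {
	// Constructed demo: a fresh random key and one customer record.
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	keys := map[int][]byte{1: key}
	stored, err := EncryptField(key, 1, "cust-42", "iban", []byte("DE89370400440532013000"))
	if err != nil {
		panic(err)
	}
	fmt.Println("what the database holds:", stored)
	pt, err := DecryptField(keys, "cust-42", "iban", stored)
	fmt.Printf("application view: %s (err=%v)\n", pt, err)
	_, err = DecryptField(keys, "cust-43", "iban", stored)
	fmt.Println("same value copied to another record:", err)
}
```

The key itself must never live in the database or its backups; in practice it is held in a key-management service and only the application process that needs plaintext can call it, which is what makes direct database access, maintenance sessions and backup copies safe to handle.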
Assess Finance partners with Stripe for payment card processing, ensuring we do not store any credit card information. Stripe is certified to PCI DSS Service Provider Level 1, the most stringent level available in the payments industry, and encrypts card data at rest with AES-256.
Access to customer data is strictly limited and audited. Only the personnel who need it can access the system, and multiple layers of controls are in place. Each access session requires a documented justification or customer consent and is recorded in an audit trail.
In the event of a data breach involving personal data, we will promptly notify the relevant supervisory authority and the affected individuals (data subjects).
Assess Finance complies with all applicable Data Protection Laws when processing Company Personal Data, ensuring data is processed only according to the relevant Company's documented instructions.
Automated systems monitor the versions of, and known vulnerabilities in, all software and dependencies powering Assess Finance. Our infrastructure is continuously updated to the latest, most secure software versions.
Extensive automated tests are run after each code change to verify the correctness of Assess Finance features, including authentication and the permission system.
Our application enforces HTTPS for all requests, securing all traffic in transit and protecting against protocol downgrade attacks.
We use a range of security headers, including X-Frame-Options, X-XSS-Protection, and Content-Security-Policy, to mitigate common security issues.
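The two controls above, HTTPS enforcement and a fixed set of security headers, are commonly implemented as one piece of middleware in front of the application. The following is an added illustration written for this page, not Assess Finance's code; the header values, the host names and the assumption that a trusted load balancer sets X-Forwarded-Proto are all constructed for the demo. One caveat worth stating: X-XSS-Protection is a legacy header that current browsers no longer honour, and the usual advice is to send it as 0 (or omit it) and rely on Content-Security-Policy instead, which is what the example does.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// securityHeaders is the fixed set of response headers applied to every reply
// that is served over HTTPS. Values are assumptions for this example.
var securityHeaders = map[string]string{
	// HSTS: browsers remember to use HTTPS for this host for one year, subdomains
	// included, so a later plain-http link or a captive portal cannot downgrade the
	// session. Only add "; preload" once the domain is submitted to the preload list.
	"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
	// Refuse to be framed (clickjacking); frame-ancestors in the CSP says the same
	// thing for browsers that honour CSP level 2.
	"X-Frame-Options":         "DENY",
	"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'; object-src 'none'; base-uri 'self'",
	// Stop responses being sniffed into executable content types.
	"X-Content-Type-Options": "nosniff",
	"Referrer-Policy":        "strict-origin-when-cross-origin",
	// The legacy XSS auditor has been removed from current browsers; "0" switches it
	// off in the few that still have it, since the filter itself has been abused to
	// leak page content. Content-Security-Policy is the working replacement.
	"X-XSS-Protection": "0",
}

// EnforceHTTPS wraps a handler so that every plain-HTTP request is redirected to
// its HTTPS equivalent and every HTTPS response carries the headers above.
// Behind a TLS-terminating load balancer the request arrives over plain HTTP with
// X-Forwarded-Proto set, so that header is honoured as the "was this HTTPS" signal.
// Only trust it when the proxy is known to overwrite a client-supplied value.
func EnforceHTTPS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.TLS == nil && r.Header.Get("X-Forwarded-Proto") != "https" {
			target := "https://" + r.Host + r.URL.RequestURI()
			http.Redirect(w, r, target, http.StatusMovedPermanently)
			return // no security headers on the plain-http hop; browsers ignore HSTS there anyway
		}
		for k, v := range securityHeaders {
			w.Header().Set(k, v)
		}
		next.ServeHTTP(w, r)
	})
}

// Probe sends one synthetic request through the middleware and returns the
// recorded response, for the demo below and for tests.
func Probe(target, forwardedProto string) *httptest.ResponseRecorder {
	app := EnforceHTTPS(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "ok")
	}))
	req := httptest.NewRequest(http.MethodGet, target, nil)
	if forwardedProto != "" {
		req.Header.Set("X-Forwarded-Proto", forwardedProto)
	}
	rec := httptest.NewRecorder()
	app.ServeHTTP(rec, req)
	return rec
}

func main() {
	for _, c := range []struct{ target, xfp string }{
		{"http://app.example/login?next=/", ""},  // plain HTTP: must redirect
		{"http://app.example/login", "https"},    // TLS terminated at the proxy
		{"https://app.example/login", ""},        // direct TLS: r.TLS is set by httptest
	} {
		rec := Probe(c.target, c.xfp)
		fmt.Printf("%-34s -> %d %s HSTS=%q\n", c.target, rec.Code,
			rec.Header().Get("Location"), rec.Header().Get("Strict-Transport-Security"))
	}
}
```

The redirect uses 301 so browsers cache it; the header map is applied only on the HTTPS path because a Strict-Transport-Security header received over plain HTTP is ignored by specification. A quick way to confirm a deployed site behaves this way is to fetch it over plain HTTP and check for the 301 to the https:// URL, then fetch over HTTPS and check that each header is present.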
If you discover a vulnerability in Assess Finance or have a security incident to report, please contact us at info@assess.finance
By submitting a report, you agree not to disclose your findings or submission contents to third parties without Assess Finance's prior written approval. Detailed, high-quality reports, including a working proof of concept, are essential to us.
For further inquiries about our security practices, please contact us at info@assess.finance