Security and compliance
Security and compliance built for enterprise procurement
ISO/IEC 27001:2022 certified. UK GDPR aligned. Hosted exclusively in EU data centres. Built to pass procurement scrutiny on first review.
Certifications and standards
ISO/IEC 27001:2022 Certified
CertifiedOur information security management system is independently certified. Annual surveillance audits maintain compliance. Certificate available on request to qualified buyers.
UK GDPR and Data Protection Act 2018
CompliantCompliant by design. Tenant data isolated at the database layer. Subject access requests handled within statutory timeframes.
PECR Compliant
CompliantEmail communications follow the Privacy and Electronic Communications Regulations. No unsolicited marketing without explicit consent.
Infrastructure and hosting
- All data hosted in EU data centres (Vercel and Neon Postgres, AWS eu-west infrastructure)
- TLS 1.3 encryption in transit
- AES-256 encryption at rest
- Daily encrypted backups with 30-day retention
- Disaster recovery tested quarterly
- Status page at status.noslip.co.uk
Access controls
- Multi-tenant isolation enforced at database row level (PostgreSQL RLS)
- Role-based access control with audit-logged role changes
- JWT authentication with short-lived access tokens and httpOnly refresh cookies
- Two-factor authentication available for all users
- Internal Gyzer staff access logged and notified to tenant admins (impersonation transparency policy)
Data processing
- Customer is the Data Controller. Gyzer Technologies is the Data Processor.
- Data Processing Agreement available for review before contract signature.
- Sub-processors listed publicly and updated within 30 days of any change.
- Personal data minimised. We do not request data we do not need.
- Right to data export and deletion respected per UK GDPR.
Sub-processors
Current as of January 2026. Updated within 30 days of any change.
| Sub-processor | Purpose | Location |
|---|---|---|
| Neon (Databricks Inc.) | Database hosting | EU (Frankfurt) |
| Vercel Inc. | Application hosting | EU (Dublin) |
| Resend Inc. | Transactional email | EU |
| Upstash | Redis cache and queue | EU (Frankfurt) |
| Cloudflare | DNS and edge security | Global edge, data residency in EU |
Incident response
- 24-hour internal alerting on security events
- Customer notification within 72 hours of any qualifying incident per UK GDPR
- Post-incident review and remediation documented
- Security contact: security@noslip.co.uk
Business continuity
4 hours
Recovery Time Objective
24 hours
Recovery Point Objective
Annual
BCP review
Multi-region failover for production database. Documented BCP reviewed annually.
Trust centre contact
For security questionnaires, due diligence requests, or Data Processing Agreement review:
trust@noslip.co.uk — response within 5 business days
security@noslip.co.uk — to report a security concern
Registered entity
- Company name
- Gyzer Technologies Ltd
- Registered office
- 20-22 Wenlock Road, London N1 7GU
- Companies House
- 15058377
- VAT number
- 464426092
- ICO registration
- ZB712909
- Jurisdiction
- England and Wales
Ready to review our security documentation?
Contact trust@noslip.co.uk for DPA review, security questionnaires, or certificate requests.