1. Encryption
- In transit: all traffic between your device and our servers uses TLS 1.2 or higher.
- At rest: databases, file storage and backups are encrypted using industry-standard algorithms.
- Passwords: stored as salted hashes; never in plain text.
2. Access controls
- Least-privilege access for staff and contractors.
- Two-factor authentication required for administrative systems.
- Row-level security and role-based access controls in our database.
- Audit logs for administrative actions.
3. Infrastructure
We host on reputable cloud providers in the UK / EU / US that maintain recognised security certifications (such as ISO 27001 or SOC 2). Code changes go through review and automated tests before deployment.
4. AI processing
AI providers used to generate responses operate under data-processing agreements and do not use your inputs to train their foundation models.
5. Vulnerability management
We monitor dependencies for known vulnerabilities and patch in a timely manner. We welcome responsible disclosure — email hello@onepercentedgeai.com with details. Please do not run intrusive tests against our production systems.
6. Incident response
If a personal-data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and notify affected users without undue delay, in line with UK GDPR Articles 33 and 34.
7. Your role
Please use a strong, unique password, enable two-factor authentication where offered, and notify us immediately if you suspect unauthorised access to your account.