Trust Centre

Everything your security team needs — in one place

Factual answers on security, privacy, data protection and compliance. No marketing claims — only how the platform is actually built. We do not list certifications we do not hold.

How TrustedAIGov protects your organisation

One consistent standard across data, identity, isolation, evidence and operations.

Security

  • Hardened security headers (CSP, HSTS, no-sniff)
  • Safe error handling — no secret or stack leakage
  • Open-redirect protection

Privacy

  • UK GDPR aligned
  • Metadata-first — minimise PII
  • Documented retention periods

Data protection

  • DPA available on request
  • Least-privilege access by default
  • Export & purge on off-boarding

Tenant isolation

  • Multi-tenant architecture
  • Per-tenant logical isolation
  • No cross-tenant access

Encryption

  • TLS in transit
  • Encrypted at rest
  • Protected on underlying storage

Evidence integrity

  • Tamper-evident ledger
  • Cryptographic hashing
  • Immutable evidence trail

Audit logging

  • Append-only access-decision log
  • Every operator action recorded
  • Correlation IDs for traceability

Integrations

  • Read-only connectors
  • Secrets masked, never logged
  • 26 connectors across 6 families

Deployment options

  • Multi-tenant SaaS
  • Enterprise options on request
  • No Kubernetes requirement

Data residency

  • Configurable region
  • Kept within agreed boundaries
  • You know where data lives

Support

  • Email & named contact (Enterprise)
  • SLAs by plan
  • Pilot support during onboarding

DPA

  • Data Processing Agreement on request
  • Sub-processor transparency
  • Clear data-handling terms

Security FAQ

Answers for your security review

The questions enterprise security, legal and procurement teams ask most.

Where is our data hosted, and can we control residency?

Hosting region is configurable and your data is kept within agreed boundaries. We tell you where your data lives.

Is our data encrypted?

Yes — TLS in transit and encrypted at rest, with protection on the underlying storage.

How are tenants isolated?

The platform is multi-tenant with per-tenant logical isolation and no cross-tenant access; operator consoles are role-gated.

Do you access our production data?

Integrations are read-only and process metadata, not payloads. You can revoke access at any time.

How are credentials and secrets handled?

Connector credentials are stored as secrets, masked in the interface, and never logged or returned in responses.

Is there an audit trail?

Yes — an append-only audit log of access decisions, plus a tamper-evident evidence ledger with cryptographic hashing.

Do you offer a Data Processing Agreement (DPA)?

Yes, a DPA is available on request.

Do you support SSO / SAML?

Yes, SSO / SAML is available on the Enterprise plan, with role-based access control and least-privilege defaults.

Which frameworks is the platform built to?

TrustedAIGov is built to the EU AI Act, ISO/IEC 42001, the NIST AI RMF and DORA — the frameworks the platform is designed and aligned to.

How do we export or delete our data when we leave?

Your tenant data can be exported and purged on request as part of off-boarding.

Talk to us about security review