At Firmcheck, keeping your data safe and private is central to everything we do.
We know how important it is for our customers — and their clients — to trust that information is protected.
This page outlines how we manage security, privacy, and compliance, and gives you a resource you can share with your team or clients if questions come up.
We’ll continue to update this page as we grow and achieve further certifications.
Our Approach to Security
Secure Hosting
Firmcheck is hosted on AWS reputable cloud infrastructure with world-class security measures, including physical security, network monitoring, and redundancy.
Data Encryption
All data is encrypted in transit (using TLS 1.2 or higher) and at rest, helping to protect your information from unauthorised access.
Access Control
Access to systems and data is based on the principle of least privilege, i.e. our team and systems only have the minimum access needed to do their job – nothing more. We use strong authentication and regularly review permissions to ensure appropriate access.
Monitoring and Response
We monitor our systems for suspicious activity and in the unlikely event of a data breach affecting your information, we have procedures in place to promptly notify affected customers in line with the UK General Data Protection Regulation (UK GDPR) requirements.
Protecting Your Privacy
Data Privacy Compliance
Firmcheck complies with UK GDPR and related data privacy laws. We’re committed to collecting, storing, and handling your data responsibly.
Data Ownership
You remain the owner of your data. Firmcheck acts as a data processor and only uses your data as needed to provide our services. For more information, see our Firmcheck Privacy Policy.
Data Retention
Firmcheck retains customer data only as long as necessary to provide our services and meet legal obligations.
Subprocessors
We carefully vet any third-party subprocessors we work with and maintain a list of active subprocessors. All our subprocessors, and the data they process, are located in jurisdictions recognised by the UK as adequate for data protection. For more information, see our list of subprocessors.
Our commitment to continuous improvement
Security and privacy are ongoing commitments. We regularly review and improve our processes to meet evolving best practices and customer needs.
Our future plans include working towards recognised certifications like SOC 2 Type II to further demonstrate our commitment to security.
Got a Question?
If you have a question about security, privacy, or anything else, reach out to us at security@firmcheck.com. If your query relates specifically to data protection, you can also contact our Privacy Officer, Matt Barnett, at privacy@firmcheck.com.
We’re happy to help.
