Security at a Glance
Infrastructure Security
Cloud-native architecture on Microsoft Azure with WAF, private networking, and edge protection.
Application Security
Authentication, rate limiting, input validation, and multi-tenant data isolation.
Data Protection
Encryption at rest, transport security, and managed key handling for core service data.
Compliance
GDPR-focused practices, sub-processor transparency, and assurance posture.
Incident Response
Customer notification, documented response procedures, and security event logging.
Security Practices
| Area | Standard |
|---|---|
| Encryption at rest | Encryption is enabled for primary production data stores, with additional protections applied to selected sensitive credentials |
| Encryption in transit | Supported service connections require TLS 1.2 or higher, with newer protocols used where available |
| Incident response | Customer notification for confirmed notifiable incidents is handled in line with applicable law and contract terms |
| Data residency | Primary hosting is in Microsoft Azure UK South, subject to service configuration and approved subprocessors |
| Data deletion | Data retention and deletion follow contractual terms, operational safeguards, and backup lifecycle requirements |
| Assurance | Our security program is aligned to common control frameworks and continues to mature over time |
Architecture Principles
- Defence in depth — Layered controls are applied across edge, application, network, and storage boundaries
- Least privilege — Access is scoped using managed identities, roles, and approval-based controls
- Private by default — Backend connectivity is designed to minimize unnecessary public exposure
- Encryption by default — Production data is encrypted at rest and in transit across supported service paths
- Auditable operations — Security-relevant events are logged and monitored to support investigation and review
Questions about our security practices? Contact us at security@meetdoris.com.