PAIDD Trust Center

Your data is protected using enterprise-grade encryption and security measures across our DigitalOcean and AWS infrastructure.

• 256-bit AES encryption for all data at rest including database storage
• TLS 1.3 encryption for all data in transit with SSL certificates
• LUKS encryption available for enhanced data security
• Encrypted backups stored in geographically distributed data centers
• Etcd data encryption at rest for Kubernetes workloads
• Encrypted environment variables for sensitive configuration data

Built on DigitalOcean and AWS SOC 2 Type II certified infrastructure with comprehensive security controls.

• SOC 2 Type II and SOC 3 Type II certified data centers
• ISO 27001 certified collocated facilities
• 24/7 physical security with video surveillance and access controls
• Cloud Firewalls and DDoS protection at network edge
• Virtual Private Cloud (VPC) for network isolation
• Regular third-party security audits by Schellman & Company LLC

Continuous monitoring and proactive security measures ensure your platform remains protected.

• Advanced intrusion detection systems (IDS) and monitoring
• Automated vulnerability scanning and patch management
• Security-integrated SDLC with continuous security testing
• Private Kubernetes security with automatic patch updates
• Dedicated security team with incident response procedures
• Regular penetration testing and security assessments

ISO 27001:2022 is the international standard for information security management. We work only with partners who meet this standard.

Our core tools and platforms are ISO-certified and operate with:

• A fully implemented Information Security Management System (ISMS)
• Robust risk assessment and treatment processes
• Clear, enforceable security policies
• Ongoing internal security audits

We're also planning our own ISO 27001:2022 certification as part of our security roadmap—strengthening our commitment to world-class protection for every client and supplier.

SOC 2 Type II is the leading compliance framework for service organizations handling customer data. We work only with partners who meet this standard.

Our core infrastructure—DigitalOcean and AWS—are both SOC 2 compliant and operate with:

• Continuous monitoring across Security, Availability, and Confidentiality trust service criteria
• Independent third-party audits verifying operational controls over extended periods
• Rigorous access controls and data protection mechanisms
• Regular penetration testing and vulnerability assessments

PAIDD is fully compliant with the General Data Protection Regulation (GDPR) and UK data protection laws.

• Lawful basis established for all data processing activities
• Privacy by design principles embedded in our platform
• Data subject rights fully supported (access, deletion, portability)
• Data Protection Officer (DPO) appointed
• Regular privacy impact assessments conducted