Trust Center | Security & Compliance

Security

Our top priority is keeping our customers' data secure. We have stringent security measures at the organizational, architectural, and operational levels to ensure that your data and applications remain safe.

Your data is protected using enterprise-grade encryption and security measures across our DigitalOcean and AWS infrastructure.

256-bit AES encryption for all data at rest including database storage
TLS 1.3 encryption for all data in transit with SSL certificates
LUKS encryption available for enhanced data security
Encrypted backups stored in geographically distributed data centers
Etcd data encryption at rest for Kubernetes workloads
Encrypted environment variables for sensitive configuration data

Built on DigitalOcean and AWS SOC 2 Type II certified infrastructure with comprehensive security controls.

SOC 2 Type II and SOC 3 Type II certified data centers
ISO 27001 certified collocated facilities
24/7 physical security with video surveillance and access controls
Cloud Firewalls and DDoS protection at network edge
Virtual Private Cloud (VPC) for network isolation
Regular third-party security audits by Schellman & Company LLC

Continuous monitoring and proactive security measures ensure your platform remains protected.

Advanced intrusion detection systems (IDS) and monitoring
Automated vulnerability scanning and patch management
Security-integrated SDLC with continuous security testing
Private Kubernetes security with automatic patch updates
Dedicated security team with incident response procedures
Regular penetration testing and security assessments

Compliance

We're committed to meeting the highest standards of regulatory compliance and data protection.

ISO 27001:2022 is the international standard for information security management. We work only with partners who meet this standard.

Our core tools and platforms are ISO-certified and operate with:

A fully implemented Information Security Management System (ISMS)
Robust risk assessment and treatment processes
Clear, enforceable security policies
Ongoing internal security audits

We're also planning our own ISO 27001:2022 certification as part of our security roadmap—strengthening our commitment to world-class protection for every client and supplier.

SOC 2 Type II is the leading compliance framework for service organizations handling customer data. We work only with partners who meet this standard.

Our core infrastructure—DigitalOcean and AWS—are both SOC 2 compliant and operate with:

Continuous monitoring across Security, Availability, and Confidentiality trust service criteria
Independent third-party audits verifying operational controls over extended periods
Rigorous access controls and data protection mechanisms
Regular penetration testing and vulnerability assessments

PAIDD is fully compliant with the General Data Protection Regulation (GDPR) and UK data protection laws.

Lawful basis established for all data processing activities
Privacy by design principles embedded in our platform
Data subject rights fully supported (access, deletion, portability)
Data Protection Officer (DPO) appointed
Regular privacy impact assessments conducted

Policies

See exactly how we handle your data

Privacy Policy

Learn how we collect, use, and protect your personal information in compliance with data protection regulations.

Read Policy →

Cookie Policy

Understand how we use cookies and similar technologies to improve your experience on our platform.

Read Policy →

Data Protection

Review our comprehensive data protection measures and your rights under GDPR and UK data protection laws.

Read Policy →

PAIDD Trust Center

Security

Data Encryption & Protection

Infrastructure & Compliance

Security Operations & Monitoring

Compliance

ISO 27001:2022

SOC 2 Type II

GDPR

Policies

Privacy Policy

Cookie Policy

Data Protection

Have questions about security?