Data Protection
Last updated: January 2025.
This page outlines the technical and organisational measures SecureSom applies to protect institutional data.
Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Encryption keys are managed by our cloud provider's hardware security modules and rotated on a regular schedule. Backups are encrypted with separate keys.
Access Control
Access to institutional data is governed by role-based permissions and row-level security policies. Only authorised users from your institution can view your records. SecureSom staff have no standing access to incident logs, compliance reports, or monitored endpoints, and require explicit written consent for any support-driven access.
Data Minimisation
We collect only the data needed to deliver monitoring, compliance and reporting services: institution name, email domain, monitored endpoints, and incident records entered by your staff. We do not collect citizen data, biometric data, or personal data unrelated to your institutional use.
Data Residency
Primary infrastructure is hosted in EU regions with SOC 2 Type II and ISO 27001 certified providers. Backup data is geographically distributed within the same compliance envelope. Enterprise customers may request specific regional pinning under their contract.
Incident Response
SecureSom maintains a documented incident response plan. In the event of a confirmed data breach affecting your institution, we will notify your designated administrator within 72 hours, and the notification will include the scope of impact, the mitigation steps taken, and recommended actions for your team.
Your Rights
You retain full ownership of your data. You may export, correct or delete your institutional records at any time from the dashboard. Upon account closure, all associated data is permanently deleted within 30 days, with an exportable archive available for the first 14 days.
Contact the Data Protection Team
For data protection inquiries, breach reports, or to exercise your rights, contact dataprotection@securesom.com. We respond to all requests within 72 hours.