Security

Your data, handled properly

We take the security and privacy of trainee data seriously. Here's exactly how.

Data hosting

All data is hosted on dedicated servers in the UK/EU with Hetzner. We do not use shared cloud environments.

Encryption

Data is encrypted at rest (AES-256) and in transit (TLS 1.3). Database backups are encrypted.

Data isolation

Each deanery operates in a fully isolated environment. There is no shared database between organisations. One deanery's data is never accessible to another.

Access controls

Role-based access control (RBAC) ensures users only see data they're authorised to access. All access is logged and auditable.

Authentication

[Details of authentication method — e.g. email + password with bcrypt hashing, optional 2FA]

GDPR compliance

Exogi is designed with GDPR and UK DPA 2018 compliance as a core requirement, not an afterthought. We process data under [lawful basis]. See our privacy policy for full details.

Data retention & deletion

You can export or delete your data at any time. When an account is closed, all associated data is permanently deleted within 30 days.

Incident response

We maintain an incident response plan. In the event of a data breach, affected organisations will be notified within 72 hours as required by GDPR.

Data Processing Agreement

We provide a Data Processing Agreement on request for organisations that require one. Contact us at hello@exogi.co.uk.

Security contact

To report a security concern or request our security documentation, email security@exogi.co.uk.