Security & compliance

Enterprise data security, built in from day one

SupplySignal is built for professional organisations handling sensitive supplier and compliance data. Our approach to security is practical, documented and appropriate for the nature of the data the platform processes.

How we protect your data

Data residency

All data is processed and stored within the United Kingdom. We do not transfer personal or organisational data outside UK jurisdiction. Your supplier data stays where your compliance framework expects it to be.

Encryption in transit and at rest

All data is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256. Encryption keys are managed through a dedicated key management service and rotated on a defined schedule.

Role-based access control

Platform access is controlled by role. Organisation administrators manage who can access what. Sensitive supplier data is accessible only to users explicitly granted permission, with no broad data sharing across accounts.

Audit logging

All user actions within the platform are written to an immutable audit log. Login events, data access, alert reviews, escalations and configuration changes are all captured with timestamps and user attribution.

Infrastructure security

SupplySignal runs on enterprise-grade cloud infrastructure with network-level isolation between customer environments. Infrastructure is monitored continuously, with automated alerting on anomalous access patterns.

Vulnerability management

Dependencies are monitored for known vulnerabilities on a continuous basis. Security patches are assessed and applied promptly. We maintain a responsible disclosure process for security researchers.

UK GDPR compliance

SupplySignal is designed to support your compliance obligations, not complicate them. The platform processes personal data, primarily names, roles and corporate affiliations drawn from public registries and news sources.

We take a proportionate approach to data protection. Where we process personal data, we do so on a lawful basis, for a legitimate purpose, and for no longer than necessary.

We act as data processor for your supplier data and data controller for platform account data. Our privacy notice documents both roles clearly.

Your supplier data is not used to train machine learning models, shared with third parties for commercial purposes, or processed beyond what is necessary to provide the platform.

We maintain a Record of Processing Activities covering all personal data processed within the platform.

Data subject access requests can be submitted by contacting our team. We respond within the statutory timeframe.

Our Data Processing Agreement is available on request and sets out the technical and organisational measures we apply to protect personal data.

Security questions or concerns?

If you have a security concern, a question about our data protection practices, or wish to request a copy of our Data Processing Agreement, please contact us directly.

hello@supplysignal.co.uk

Built for teams that take compliance seriously

See how SupplySignal supports your supplier risk programme with continuous monitoring, structured workflows and a complete audit trail.