Authentication & access
- Access to the platform requires an authenticated session.
- Passwords are hashed with modern, salted algorithms and never stored in plain text.
- Administrative access to production systems is restricted to authorised personnel and monitored.
Hosting & data in transit
- Traffic to our website and platform is served over HTTPS with modern TLS.
- Application and database workloads run on managed cloud infrastructure with hardened defaults.
Data handling
We minimise the personal data we collect and separate operational usage data from the intelligence content we publish. Backups are taken on a regular schedule and access to them is restricted.
Vendor management
We work with a small, vetted set of subprocessors listed in our Privacy Policy. Vendors are reviewed for their security posture before we onboard them.
Incident response
We monitor the platform for security-relevant events. If we confirm an incident affecting customer data, we will contact affected customers directly and within the timelines required by applicable law.
Responsible disclosure
If you believe you've found a security issue, please email security@thepolicyatlas.com with details and steps to reproduce. Please give us a reasonable window to investigate before public disclosure. We're grateful to researchers who help us keep the platform safe.
