GATEWAYCHECKER

Trust Centre

Security, compliance, and legal documentation for security teams and procurement reviewers. All documents are maintained as part of the Gatewaychecker development process and updated automatically when the underlying policies change.

Security

Security Overview→

Hosting, encryption, authentication, incident response

Architecture Overview→

System design, analysis pipeline, technology stack

Data Flows→

How personal data moves through the platform

Sub-processors→

Third-party services and their data commitments

Legal & Privacy

Privacy Notice→

UK GDPR notice — what we collect and why

Service terms, advisory disclaimer, liability

Data Processing Agreement→

Article 28 DPA template — request a signed copy

Acceptable Use Policy→

Permitted and prohibited uses of the service

Certification Status

✓UK GDPR compliance

CERTIFIED

✓PCI-DSS (via Stripe)

CERTIFIED

○Cyber Essentials

IN PROGRESSTarget: Q3 2026

○Cyber Essentials Plus

IN PROGRESSTarget: Q4 2026

◌SOC 2 Type I

PLANNEDTarget: Q1 2027

◌ISO 27001

PLANNEDTarget: Q2 2027

Data Residency

🇬🇧UK/EU Data Residency

All customer data is stored and processed within the European Union. No personal data is transferred to the United States except for transient AI inference calls, which are covered by Anthropic's no-training API commitment.

Database + AuthSupabase · AWS eu-west-1 (Ireland)

Application hostingVercel · EU (Frankfurt)

AI inferenceAnthropic · US API · No training on submitted data

Contact

Security

security@gatewaychecker.co.uk

Security issues and vulnerability disclosure

Privacy

privacy@gatewaychecker.co.uk

Data subject rights and privacy enquiries

Legal

legal@gatewaychecker.co.uk

DPA, contracts, and legal matters

Gatewaychecker Ltd · United Kingdom · gatewaychecker.co.uk

Documents maintained at docs/trust/ in the product repository. Last updated dates reflect git commit history.