Security measures

Architectural Security

Data segregation

Your dataset never leaves its own dedicated virtual server (called a “Bunker”). No two datasets are ever hosted together, and no other customer can ever access a server hosting your data.

Security perimeter

Each Bunker has its own subnet, and its own tightly-controlled security perimeter. Stateful firewalls help ensure that only traffic associated with legitimate Bunker access can enter the subnet.

Mathematical model

Queries are executed by transmitting a mathematical representation of the information, empowering you to gain insights at aggregate level without moving your raw data.

Product Security

Secure credential storage

As you’d expect, your login passwords are hashed in line with industry best practice. For additional protection, they’re encrypted at storage level too.

Two-factor authentication

Two-factor authentication based on Google Authenticator is supported, and strongly encouraged during registration. If you want to, you can require it for your organization’s users.

Single sign-on

Optionally, you can integrate with your own sign-on systems - increasing convenience for your users while ensuring alignment with your existing password policies.

Fine-grained permissions

If you choose to let other people or organisations gain insights from your data, you have a range of options to control exactly what they can do. A colour-coded visualisation helps you understand the consequences of your choices.

Fail-safe configuration

Nobody can reference your data unless you actively grant permission. When fine-tuning what you allow, the default is always the least permissive option.

Data encryption

All data at rest is stored on encrypted disks, based on the robust AES-256 cryptographic standard.

Data minimisation

During the process of “normalization”, data not required for the configured task is automatically deleted. Only the minimum data required is retained.

Data deletion

If you choose to terminate your Bunker, the data it stores is immediately deleted - and for additional reassurance, the cryptographic key which was required to access it is also destroyed. If you stop using InfoSum services without terminating your Bunkers, they will automatically expire at the end of your billing period. Once this happens, the data is deleted within 48 hours.

Server & Network Security

Physical security

When we host your Bunkers, your data is held on Amazon Web Services hardware in a highly secure data centre. Read the full details on Amazon’s website. Alternative hosting options are available upon request.


By default, your data is held in the UK. On request, we can use the AWS network to host your data in an alternative location that meets your security or data protection requirements.

Controlled access

Only designated specialist staff can log onto our production servers. As an additional protection, these servers are accessible only using a complex cryptographic key and multi-factor authentication.

End-to-end encryption

All data in transit, whether between you and the product or between product components, is encrypted end-to-end using TLS 1.2 - guarding against interception or man-in-the-middle attacks.

Disaster recovery process

Our comprehensive Disaster Recovery process ensures that our solutions remain available or can be easily recovered in the case of a disaster.

Infrastructure as Code

Wherever possible, our servers and networks are built from configuration files held in a secure, auditable management system. As well as accelerating disaster recovery procedures, this eliminates the risk of human error.

Vulnerability scanning

We perform frequent, automated scans for network vulnerabilities such as unexpected open ports.

DDoS protection

We use rate limiting and other mitigations to reduce or eliminate the impact of denial-of-service attempts.

We continuously and proactively monitor our systems, to detect unusual activity, respond to issues, and to manage capacity. Our dedicated infrastructure team is on hand to respond to alerts.

Incident response procedure

In the event of detecting suspicious activity, our predefined response procedure will minimise impact, assess risks and ensure transparent communication.

Development Security

Technical checkpoints

Any new feature entering our products is formally reviewed for security implications. At a minimum this happens twice during development - and depending on the feature, often a lot more.

Separate environments

All code under development passes through a series of testing environments, before it’s released to our customers. No real data is ever exposed to any testing environment.

Test automation

We use best-practice “DevOps” methodology to ensure all code changes are automatically tested and quality-controlled.

End-to-end QA

Complementing our automated tests, our QA specialists conduct regular manual tests based on real-world tasks, guarding against any unexpected changes to the behaviour of the system.

Controls on open-source software

Every piece of open-source software used in our product is individually assessed and signed off. We subscribe to a service which proactively notifies us if any vulnerabilities are found in the open-source software we use.

Penetration testing

We regularly invite independent security professionals to attempt to “crack” our products - testing our resistance to techniques such as code injection, token exfiltration and cross-site scripting attacks. A copy of our most recent pentest’s executive summary may be provided to prospective customers under NDA.

Staff Security

In-house development

All of our products are developed in-house, by a tight-knit team of experienced coders. We don’t outsource development work, so we know who wrote every line of our code.

Segregation of duties

It takes two people to make a change to our product - one to write the code, and one to sign it off. We have technical protections to ensure that nothing can sneak under the radar.

Principle of least access

We use precise role descriptions to lay out what each of our people does and doesn’t need to do. Nobody has login credentials for a system unless it’s genuinely necessary for their work.

Background checks

It goes without saying that we take up references for all our employees and onsite contractors. For those with the most privileged access to our systems, we also require a criminal record check.

Staff Training

All our staff are required to undergo and satisfactorily complete annual security and data protection training.

Certified Security

ISO 27001

We’re certified for compliance with ISO 27001, the internationally-recognised gold standard for information security management. If you need our certificate for your own records, you can download it here.

Internal review

We have a designated Head of Security, who reports on relevant matters to a dedicated Security Review Board. This also oversees a scheduled programme of formal self-assessment, ensuring that security remains at the top of our management agenda.

Independent audit

Regular, impartial, external audits monitor our compliance with ISO 27001, and alignment with recognised best practice. We make continual improvements to our policies in the light of new threats and protections.

Cyber Insurance

We have specialist cyber-insurance coverage, including against the risk of data loss, underwritten at Lloyd’s of London.