Security & Compliance

Your data is safe with us

Security is not an afterthought at SkedTech. It is built into every layer of our platform — from infrastructure to code — so you can manage your workforce with confidence.

GDPR Compliant
UK Data Protection Act 2018
SOC 2 Aligned
ISO 27001 Infrastructure
Working Time Directive
Cyber Essentials

Our security posture

A layered approach to security that protects your data at every level.

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Database backups are encrypted with separate key management. We never store passwords — only salted bcrypt hashes.

  • TLS 1.3 for all communications
  • AES-256 encryption at rest
  • Separate encryption keys per environment
  • Encrypted database backups

Access Control & RBAC

SkedTech uses role-based access control (RBAC) to ensure users only see what they're supposed to. Administrators can define granular permissions at the organisation level.

  • Role-based access control (Owner, Admin, Member)
  • Per-organisation data isolation
  • SSO and SAML 2.0 (Enterprise)
  • Multi-factor authentication
  • Audit log of all permission changes

Audit Logging

Every sensitive action in SkedTech is recorded in an immutable audit log. Operations managers can review who changed what, when, and from which IP address — giving you a full audit trail.

  • Immutable audit log for all data mutations
  • IP address and session tracking
  • User action attribution
  • Exportable logs for compliance reviews

Infrastructure

SkedTech runs on ISO 27001-certified cloud infrastructure with automatic failover. Our stack includes Vercel's edge network, Neon Postgres with point-in-time recovery, and Cloudflare's protection layer.

  • Hosted on ISO 27001-certified infrastructure
  • Automatic failover and redundancy
  • Point-in-time database recovery (PITR)
  • 99.9% uptime SLA
  • DDoS protection via Cloudflare

Backups & Recovery

Your data is backed up continuously. We perform automated daily snapshots and support point-in-time recovery to within minutes. Our team maintains documented runbooks for all restore scenarios.

  • Continuous automated backups
  • Point-in-time recovery (PITR)
  • Documented restore runbooks
  • Tested disaster recovery procedures
  • Data retention policy aligned to GDPR

Incident Response

We maintain a formal incident response policy. In the event of a security incident, we commit to notifying affected customers within 72 hours in line with GDPR Article 33 obligations.

  • Formal incident response plan
  • 72-hour GDPR breach notification
  • Security team on-call 24/7
  • Post-incident reports shared with customers

Data Residency

All customer data is stored within the UK and EU. We do not transfer personal data to countries without adequate protection under UK GDPR.

Sub-processors

We maintain a current list of all sub-processors (cloud providers, analytics, monitoring) and notify customers of any material changes 30 days in advance.

Responsible Disclosure

If you discover a security vulnerability in SkedTech, please report it responsibly to security@skedtech.co.uk. We aim to acknowledge reports within 24 hours.

Found a vulnerability?

We take security seriously and welcome responsible disclosure. If you find a vulnerability, please contact our security team and we'll work with you to fix it quickly.

Report a Vulnerability Talk to our Team