Security & Trust
Your data, treated like it matters
Evaluation work means handling client prompts, outputs, and sometimes sensitive material. Here is — plainly and honestly — how we protect it.
Confidentiality by contract
Every evaluator signs a confidentiality agreement before accessing any client material. Client data, prompts, outputs, and guidelines are never shared, published, or discussed outside approved systems — and these obligations survive the end of any engagement.
Private, encrypted storage
Documents and sensitive files are stored in private, access-controlled storage — never on public URLs. All traffic to and from our platform is encrypted in transit (HTTPS/TLS), and files are only retrievable through authenticated, role-restricted routes.
Role-based access control
Our platform separates public, staff, and administrative access. Staff sign in with individual credentials, administrative functions require separate authentication, and personal data is visible only to those who need it.
UK GDPR compliance
We are registered in England & Wales and process personal data in line with the UK GDPR and the Data Protection Act 2018 — lawful basis, data minimisation, and respect for data-subject rights are built into how we operate.
Automated data retention
We don't keep personal data longer than necessary. Automated retention processes permanently delete unsuccessful applicants' data and documents after a defined period, enforcing our retention policy without relying on manual cleanup.
Evaluator integrity standards
Evaluators are identity-verified during recruitment, trained on data-protection practices, and bound by our Code of Conduct — including rules on secure devices, approved systems only, and immediate breach reporting.
Our commitments
What you can hold us to
Your data is used solely to deliver the evaluation work you engage us for — never for any other purpose.
We do not sell, rent, or trade client or applicant data. Ever.
Client material is only accessible to evaluators assigned to your project, under signed confidentiality terms.
You can request deletion of your data at any time, and we respond within 30 days.
Suspected breaches are escalated immediately and affected parties informed in line with UK GDPR requirements.
A note on certifications
We're a growing company and we'd rather be straight with you: we don't yet hold formal certifications such as ISO 27001 or SOC 2, and we won't pretend otherwise. What we do have is a security-first platform, GDPR-compliant processes, contractual confidentiality on every engagement, and a genuine willingness to answer any security question you have before we work together.