Security

Your data, handled properly

We take the security and privacy of trainee data seriously. Here's exactly how.

Data hosting

All data is hosted on dedicated servers in the EU. We do not use shared cloud environments.

Encryption

Data is encrypted in transit using TLS. Passwords are hashed with bcrypt using industry-standard salt rounds and are never stored in plaintext.

Data isolation

Each organisation operates on its own isolated instance with a dedicated database. One organisation's data is never accessible to another.

Access controls

Role-based access control ensures users only see data they're authorised to access. Administrative actions are logged in an audit trail.

Authentication

Accounts use email and password authentication with bcrypt hashing, per-account brute-force protection, and email verification before account activation.

GDPR compliance

Exogi is designed with GDPR and UK DPA 2018 compliance built in. We support subject access requests, data export, and full erasure. Essential cookies only — no tracking or analytics cookies. See our privacy policy for full details.

Data retention & deletion

You can request an export of your data or full deletion at any time. Deletion is immediate and irreversible. Automated retention policies anonymise inactive records after two years.

Incident response

We maintain a documented incident response procedure. In the event of a personal data breach, affected organisations will be notified within 72 hours as required by GDPR.

Data Processing Agreement

We provide a Data Processing Agreement on request for organisations that require one. Contact us at hello@exogi.co.uk.

Security contact

To report a security concern or request our security documentation, email security@exogi.co.uk.