Security

Your data is safe with us

We take security seriously. Here's exactly what we do to protect your team's data.

All communication between your device and our servers uses TLS 1.2 or higher. No data travels unencrypted.

All stored data is encrypted using AES-256. This includes your team data, schedules, and messages.

We follow GDPR principles: data minimisation, purpose limitation, and user rights to access, correct, and delete data.

Role-based permissions ensure employees can only see their own data. Managers see only their team. No cross-tenant data access is possible.

We conduct regular internal security reviews and will commission independent penetration tests as we scale.

In the event of a security incident, we will notify affected users within 72 hours and outline the steps taken.

Found a vulnerability?

We appreciate responsible disclosure. If you discover a security issue, please contact us before making it public and we'll address it promptly.