Security

At SecDim, security is not a feature — it is foundational. Our platform is designed, built, and operated with a security-first mindset to protect customer data, minimise risk, and maintain trust. This page outlines the technical, organisational, and procedural controls we employ to safeguard your information.

Compliance

SOC 2 Compliance

SecDim is SOC 2 compliant. Our controls have been independently assessed against industry-recognised trust principles covering security, availability, and confidentiality.

GDPR Compliance

SecDim complies with the General Data Protection Regulation (GDPR). Our GDPR alignment includes:

- Data minimisation by design
- Purpose limitation and lawful processing
- Strong technical and organisational security measures
- Support for data subject rights where applicable

We process data responsibly and transparently, with privacy and security embedded into our platform architecture.

Minimal Data Collection

We deliberately minimise the collection and storage of personally identifiable information (PII). SecDim requires only a unique identifier for authentication and platform operation. We do not collect unnecessary personal data. This approach significantly reduces the attack surface and limits the impact of any potential security incident while preserving a secure and seamless user experience.

Secure Cloud Infrastructure

SecDim operates on cloud infrastructure provided by vendors that meet globally recognised security and compliance standards, including:

- ISO 27001, ISO 27017, ISO 27018
- SOC 2
- FIPS 140-2
- GDPR-aligned data protection controls

Our cloud providers undergo regular independent audits to validate the effectiveness of their security controls. This allows us to operate on a resilient, compliant, and highly secure foundation.

Security-Focused Engineering Team

Our engineering team is security-trained and security-driven. Team members have hands-on experience designing, implementing, and maintaining hardened systems and defensive controls. Security considerations are embedded throughout the development lifecycle, from architecture and threat modelling to code review and deployment.

Strict Data Access Controls

We do not sell, rent, or share customer data with third parties. Internally, SecDim enforces the principle of least privilege. Access to production systems and customer data is restricted to a small number of vetted administrators and is granted only when operationally required. All privileged access is:

- Explicitly approved
- Logged and monitored
- Audited regularly

This ensures accountability and prevents unauthorised or inappropriate use.

Data Protection

Network Security

- All data in transit is encrypted using TLS v1.2 or higher.
- Strong, modern cipher suites are enforced.
- Firewalls and network controls strictly regulate inbound and outbound traffic, blocking malicious activity while allowing legitimate access.

Access and Account Security

- Multi-Factor Authentication (MFA) is mandatory for all user and administrative access.
- Passwords must meet strict length and complexity requirements.
- Credentials are stored using modern, salted cryptographic hashing algorithms.
- Role-based access control ensures users have only the permissions required for their responsibilities.
- All authentication and access events are logged, monitored, and auditable.
- Anti-automation and rate-limiting controls protect against brute-force and credential-stuffing attacks.
- Active session management and monitoring are used to detect and prevent authenticated abuse.

Database Security

- Sensitive data is encrypted at rest using industry-standard cryptographic mechanisms.
- All database connections are encrypted in transit.
- Regular, secure backups are performed to support disaster recovery and data integrity.
- Database access is restricted, authenticated, and fully audited.

System Security

- Security patches and updates are applied promptly.
- Continuous and periodic vulnerability scanning is performed.
- Identified issues are prioritised and remediated without delay.
- Systems are hardened following best-practice guidelines, with unnecessary services removed to minimise attack surface.

Responsible Disclosure Policy

We support responsible security research and welcome reports of potential vulnerabilities. Refer to our Responsible Disclosure page for more information.