Security

Security at CheckIO.

Verification infrastructure handles sensitive data. We treat security as a core product requirement, not an afterthought.

Encryption

All data encrypted in transit (TLS 1.3) and at rest (AES-256). API keys hashed, never stored in plaintext.

Infrastructure

ISO 27001-certified hosting within UK and EEA. Regular penetration testing and vulnerability assessments.

Access control

Role-based access across the platform. MFA available for all accounts. Audit logging on all API activity.

Monitoring

24/7 infrastructure monitoring with automated alerting. Defined SLAs for incident response.

Key management

API keys are scoped, rotatable, and environment-separated. Granular permissions per service.

Compliance

GDPR and UK DPA compliant. Data processing agreements available. Regular third-party audits.

Responsible disclosure

If you discover a security vulnerability in CheckIO, please report it responsibly to security@checkio.co.uk. We take all reports seriously and will respond within 48 hours.