Security & Safeguarding
What we do to protect your organisation, your data, and the people you serve.
We built Everyvue for charities and organisations that work with vulnerable people. That means the bar for security, data protection, and safeguarding isn't optional — it's the whole point. Below is a straightforward summary of what we do and why, so you can make an informed decision about trusting us with your data.
At a glance
- ICO registered data controller
- UK GDPR compliant
- DBS checked director & staff
- Data encrypted at rest & in transit
- UK-hosted data
- 72-hour breach notification
People & Checks
- Director and all staff with system access hold current DBS Enhanced Disclosure certificates
- Background verification completed before any access to client data is granted
- Ongoing safeguarding and data protection training for the whole team
- Regular compliance refreshers aligned to ICO and sector guidance
Data Security
- All data encrypted at rest (AES-256) and in transit (TLS 1.2+)
- Data hosted in UK/EU data centres — your data never leaves the region without your knowledge
- Automated daily backups with tested disaster recovery procedures
- Private source code repositories — no credentials or secrets ever committed to version control
- Password manager and mandatory 2FA enforced for every team member
- Working towards Cyber Essentials certification
Legal & Compliance
- Registered UK data controller with the ICO
- Full UK GDPR compliance — lawful basis documented for all processing activities
- Data Processing Agreement (DPA) provided to every client before go-live
- Privacy Policy and Cookie Policy published and kept up to date
- Regular internal compliance audits against UK GDPR obligations
- Sub-processor register maintained and available on request
Safeguarding
- Built specifically for organisations working with vulnerable people — young people, housing clients, and more
- Data minimisation by design: we only collect what's needed, nothing more
- Role-based access controls mean staff only see data relevant to their role
- Full audit trail on all data access and changes — nothing happens without a record
- Documented data breach response plan with 72-hour ICO notification procedure
- Clear data retention schedules — data deleted promptly when no longer needed
Insurance & Protection
- Professional Indemnity insurance: £1,000,000
- Cyber Liability insurance: £1,000,000
- Business continuity plan in place, tested annually
- Incident response playbook covering data breaches, outages, and security events
Transparency
- Registered UK limited company — Updata Group Ltd
- Filed accounts and confirmation statements at Companies House
- Open to client audits and due diligence reviews on request
- Security questions? We're happy to complete your supplier questionnaires
- Contact us any time at daniel@everyvue.com
Got a supplier questionnaire or due diligence form?
Drop us a line at daniel@everyvue.com and we'll get it filled in quickly.