How we keep your data + reputation safe.
We run customer UGC for regulated industries. The bar is high. The story below is what is true today, not the marketing version. Where something is on the roadmap, we say so.
- 99.95% · uptime · trailing 90 d
- eu-west-2 · AWS · single region
- 90 d · audit retention · 1 y on request
- < 72 h · breach notification
- Events processed · 24h: 284,173 · UGC posts · rights requests · widget impressions
- AWS eu-west-2 · London · single-region
- 99.95% · measured · status.idukki.io
Event tail · last 4
- TLS 1.3 ✓ · inbound · widget.js · 0s
- AES-256 ✓ · tenant 0x7a2 · put · 0.4s
- RBAC ✓ · rights.read · ok · 1.1s
- Audit ✓ · login · sso · okta · 1.6s
Posture · today
- [Live] Encryption: TLS 1.3 · AES-256
- [Live] SSO + RBAC: Okta · Azure · Google
- [Live] Audit log: 90 d · 1 y on req
- [Live] Pen-test · annual: CREST · last May
- [In progress] SOC 2: Type I · in progress
- [Roadmap] ISO 27001 / PCI: 2026 roadmap
The full posture
Six surfaces, every line annotated as live, in progress or on the roadmap. The DPA goes deeper on each row and is the procurement-ready version of this page.
Compliance posture
- [In progress] SOC 2 Type I: In progress · audit window open
- [Live] GDPR / UK GDPR: Self-attested · DPA available
- [Live] CCPA · CPRA: Self-attested · DSAR workflow
- [Live] India DPDP: Self-attested · data fiduciary
- [Roadmap] ISO 27001: 2026 roadmap
- [Roadmap] PCI DSS: 2026 roadmap · we do not store PAN
Access + identity
- [Live] TLS 1.3: Inbound + outbound · HSTS
- [Live] AES-256 at rest: Database + object storage
- [Live] SAML 2.0 SSO: Okta · Azure AD · Google Workspace
- [Live] Role-based access: Owner / Admin / Editor / Viewer
- [Live] MFA: Required for all staff accounts
Infrastructure
- [Live] Region: AWS eu-west-2 · London
- [Live] Edge + CDN: Vercel · Cloudflare
- [Live] Secrets management: AWS Secrets Manager · KMS rotated
- [Live] Backups: Daily snapshots · 30-day retention
- [Roadmap] Multi-region failover: Roadmap · 2027
Data + retention
- [Live] Tenant isolation: Per-tenant ID, row-level scoping
- [Live] Audit log retention: 90 days standard · 1 year on customer request
- [Live] GDPR deletion SLA: 30 days · documented in DPA
- [Live] Sub-processors: Public list · email-notified change
- [Live] Data export: Self-serve · JSON + CSV
Monitoring + assurance
- [Live] Application monitoring: Sentry · OpenTelemetry · 24/7
- [Live] Anomaly alerting: Auth + billing + rate-limit
- [Live] Annual pen test: Independent · last May 2026
- [Live] Bug bounty: security@idukki.io · scope-limited
- [Live] On-call ack: < 15 min business / 30 min nights
Incident response
- [Live] Public status page: status.idukki.io · uptime + incidents
- [Live] Customer notification: Within 72 hours of confirmed disclosure
- [Live] DPA breach clauses: Contractually committed timelines
- [Live] DR drills: Quarterly tabletop · results in DPA bundle
Need the DPA, sub-processor list and security questionnaire?
We ship a single ZIP. DPA (with SCCs), sub-processor register, redline-friendly MSA, SIG-Lite, the current penetration test executive summary, and the trailing-quarter SOC 2 audit progress note. Request it once, route it through legal.
- DPA + SCCs
- Sub-processor register
- SIG-Lite
- Pen-test exec summary
- SOC 2 audit note
- MSA redlines
One-click bundle
Request the DPA bundle
Sent within one UK business day. No sales call required.
Security review
Need our SOC 2 report or DPA?
Available under NDA in minutes. Plus a fully-prefilled vendor security questionnaire (CAIQ + SIG-Lite).