Security is foundational at SectorScript. This page summarises the controls we use to protect your data. For a deeper review (penetration test summary, sub-processor list, SOC 2 roadmap) email security@sectorscriptai.com.
Infrastructure
- UK-hosted application and database tier.
- All traffic served over TLS 1.2+; HSTS enabled.
- Data at rest encrypted with AES-256.
- Network isolation between tenants enforced at the database layer with row-level security.
Access control
- Role-based access for every workspace (Owner, Manager, Rep, Agency).
- SSO / SAML available on Business plan.
- Production access limited to a small on-call rotation, with full audit logging.
- Customer impersonation by staff requires explicit ticket linkage and is logged.
Application security
- Static analysis and dependency scanning on every change.
- Authenticated edge functions and short-lived tokens.
- Input validation with schema enforcement on every server function.
- Rate limiting on AI and public endpoints.
Monitoring & response
- Centralised logging and error monitoring with alerting.
- 24/7 incident response on Business plan; documented runbooks.
- Breach notification to affected customers without undue delay.
Backups & resilience
- Encrypted, point-in-time recoverable backups on rolling 90-day cycles.
- Geo-redundant object storage for call recordings.
- Disaster recovery procedures tested at least annually.
Privacy & data residency
- UK GDPR aligned; see our Privacy Policy and DPA.
- Customer data stored in the UK.
- Configurable retention for recordings and prospects per workspace.
- Data export and deletion on request, and self-serve from settings.
Compliance roadmap
- SOC 2 Type I, in scoping for 2026.
- ISO 27001, planned to follow SOC 2.
- Annual third-party penetration test.
Responsible disclosure
Found something? Email security@sectorscriptai.com, we respond within 2 business days and credit researchers in our hall of fame.