Security & Compliance
Transparency for procurement teams, enterprise customers, and compliance officers. Everything you need to assess SummitBridge Horizon as a data processor.
Security Controls
Data Encryption
AES-256 at rest · TLS 1.3 in transit
Infrastructure
Hostinger (Almanya, EU) · ISO 27001 certified DC
Data Residency
EU & UK — no third-country transfers without SCCs
Authentication
TOTP MFA available · bcrypt password hashing
Backup
Daily encrypted backups · 30-day retention
Incident Response
72h ICO notification · NIS2-aligned IR plan
Compliance Status
UK GDPR
ICO registered · Privacy notice current
ICO Registration
Data controller registration active — ico.org.uk
UK GDPR Art. 28 DPAs
All processors covered by signed DPAs
Cookie Compliance
PECR-aligned consent management
Companies House
Co. No. 16419201 · Confirmation statement current
PCI DSS
No card data stored — Stripe handles all payments
Frequently Asked Questions
Where is my data stored?
All customer data is stored on Hostinger infrastructure located in Frankfurt, Germany (EU). We do not transfer personal data outside the UK/EU without appropriate safeguards.
Who has access to customer data?
Only authorised SummitBridge Horizon personnel with a documented business need. All access is logged. We do not sell data to third parties under any circumstances.
How do you handle a data breach?
We follow our documented Incident Response Plan. Affected customers are notified within 72 hours. Where required, the ICO is also notified within the statutory 72-hour window.
Can I get a Data Processing Agreement (DPA)?
Yes. If you are a controller using SummitBridge services, a compliant GDPR Art. 28 DPA is available on request. Contact [email protected].
Do you conduct penetration testing?
Yes. Annual penetration testing is conducted by a CREST-accredited provider. An executive summary of the most recent test results is available to enterprise customers under NDA.
What subprocessors do you use?
Key subprocessors: Stripe (payments, US — SCCs in place), Resend (email delivery, EU), Hostinger (infrastructure, EU), Anthropic (AI features, US — data minimised, no training on customer data).
Need More Information?
For security questionnaires, DPA requests, penetration test summaries, or vendor due diligence enquiries:
SummitBridge Horizon Ltd · Co. No. 16419201 · ICO Reg: ZC112810 · 71-75 Shelton St, London WC2H 9JQ
Data processed in: UK (Hostinger London) + EU (Hostinger Germany) · Payments: Stripe (PCI DSS) · AI: Anthropic (SCCs applied)