hub
CaseFlo
Security & Trust
UK Data Residency
All personal data is processed and stored exclusively within the United Kingdom. Your data never leaves the UK — no cross-border transfers, no EU sub-processors.
check_circleAES-256 encryption at rest
check_circleTLS 1.3 for all data in transit
check_circleUK-owned infrastructure
check_circleISO 27001 certified hosting
Data Processing Agreement
We offer a signed DPA for all customers. Contact us to execute a DPA with your agency's standard terms.
mailRequest a DPA — hello@caseflo.co.ukSub-Processors
We use minimal third-party services, all UK-hosted:
| Service | Purpose | Location |
|---|---|---|
| Supabase | Database & Authentication | UK West |
| Vercel | Application Hosting | UK West |
| Stripe | Payment Processing | UK/EU |
| Sentry | Error Monitoring | EU |
Security Whitepaper
Our full security architecture, penetration test results, and compliance documentation are available on request.
mailRequest security documentation