Founding partner offer: First 20 providers get a 3-year price lock. Book your demo today. · See pricing →
Security

Built for the data accountable care demands.

EU West data residency, AES-256 encryption at rest, TLS 1.2+ in transit, immutable audit trail, ICO-registered, with a full Data Processing Agreement available on request.

Request our DPA → See certification status
Infrastructure

Where your data lives. How it’s protected.

EU West data residency

All data stored on Supabase infrastructure in EU West (Ireland region), satisfying UK GDPR data residency requirements for UK supported accommodation providers.

Encrypted at rest and in transit

AES-256 encryption at rest. TLS 1.2+ for all data in transit. No unencrypted data transmission at any point.

Automated daily backups

Point-in-time recovery available. Data retained in accordance with statutory record-keeping obligations for UK supported accommodation providers.

Access control

Who can see what.

Staff directory showing role assignments per team member with status pills for active accounts and authentication method (email or PIN)
Roles, scoped per person·Ten distinct roles, enforced at the database layer with row-level security. Each staff member assigned to one role. Status pills surface authentication method (email or PIN) and account state.
Access & compliance

Compliance that holds up to inspection.

Role-based access

Staff see only what their role requires. Configurable per user, per service, per organisation.

Time-boxed agency staff access

Per-shift scoping. Eight-tab read-only view. Expiry built in. Every view logged.

Immutable audit trail

Every action time-stamped and attributable. Cannot be edited or deleted. Available for any inspection, review, or serious case review.

Data Processing Agreement

A full DPA is available to all customers on request, covering controller/processor relationships, sub-processors, data subject rights, and breach notification.

UK GDPR compliant

Built for UK GDPR compliance from the ground up. ICO registered. DPA available. EU West hosting.

Current status

Where we are. Honestly.

We update this page as certifications are completed or progressed. We do not overclaim.

UK GDPR compliance
Active
ICO Registration
Registered
Data Processing Agreement
Available on request
EU West data hosting
Active (Supabase Ireland)
Encrypted at rest (AES-256)
Active
Encrypted in transit (TLS 1.2+)
Active
🔄
Cyber Essentials Plus
Pending

Data Processing Agreement

A full Data Processing Agreement is available to all TIFA Connect customers on request. The DPA covers:

  • Data controller and processor responsibilities
  • Sub-processor disclosure
  • Data subject rights and request handling
  • Breach notification procedures and timelines
  • Data retention schedules and deletion rights
  • International transfer safeguards
Request DPA →

Not ready to register?

Download our one-page overview and share it with your team or board before booking a call.

Request the overview PDF →