Built for the data regulated care demands.
EU West data residency, AES-256 encryption at rest, TLS 1.2+ in transit, immutable audit trail, ICO-registered, with a full Data Processing Agreement available on request.
Where your data lives. How it’s protected.
EU West data residency
All data stored on Supabase infrastructure in EU West (Ireland region), satisfying UK GDPR data residency requirements for regulated care providers.
Encrypted at rest and in transit
AES-256 encryption at rest. TLS 1.2+ for all data in transit. No unencrypted data transmission at any point.
Automated daily backups
Point-in-time recovery available. Data retained in accordance with statutory requirements for regulated care providers operating under CIW and CQC frameworks.
Compliance that holds up to inspection.
Role-based access
Staff see only what their role requires. Configurable per user, per service, per organisation.
Immutable audit trail
Every action time-stamped and attributable. Cannot be edited or deleted. Available for any inspection, review, or serious case review.
Data Processing Agreement
A full DPA is available to all customers on request, covering controller/processor relationships, sub-processors, data subject rights, and breach notification.
UK GDPR compliant
Built for UK GDPR compliance from the ground up. ICO registered. DPA available. EU West hosting.
Where we are. Honestly.
We update this page as certifications are completed or progressed. We do not overclaim.
Data Processing Agreement
A full Data Processing Agreement is available to all TIFA Connect customers on request. The DPA covers:
- Data controller and processor responsibilities
- Sub-processor disclosure
- Data subject rights and request handling
- Breach notification procedures and timelines
- Data retention schedules and deletion rights
- International transfer safeguards