Security
We take security seriously.
How GuardRail protects your data and maintains trust.
Encryption
All data is encrypted at rest and in transit. We use industry-standard encryption (TLS 1.2+ for transport, AES for storage) to ensure your vendor and compliance information is protected.
Authentication & access
User authentication uses secure, industry-standard methods. Passwords are hashed and never stored in plain text. Access is role-based: users only see data relevant to their organisation and permissions.
- Role-based access control (RBAC)
- Organisation-scoped data isolation
- Session management and secure logout
Audit logging
Key actions are logged with timestamps and user identifiers. Professional tier and above include full audit history for compliance and traceability. This helps you demonstrate due diligence and respond to audits.
Data retention
Data remains available for 3 months after your subscription or trial ends, giving you time to export or migrate. We do not retain your data indefinitely after you leave.
Infrastructure
GuardRail runs on secure, well-maintained infrastructure. We follow security best practices for hosting, backups, and updates.
Compliance considerations
GuardRail is designed to support your compliance workflows: evidence capture, decision recording, and audit trails. Organisations use GuardRail to manage vendor risk in line with internal policies and regulatory expectations.
Questions?
For security-related questions or enterprise requirements, contact us through the app or your account representative.