Skip to main content
BoardServe

Security & Trust Centre

Board material is the most sensitive data you hold.

We treat it that way. BoardServe is built with security and confidentiality as foundations — not features bolted on later. Here is how we protect your information, and how we help you satisfy your own procurement and information-security requirements.

How we protect your data

Security built into the foundations.

UK & EU data residency

Board and committee material is stored and processed within the UK and EU. We can confirm hosting regions for your procurement review.

Encryption everywhere

Data is encrypted in transit (TLS) and at rest. Sensitive material never leaves an encrypted channel.

Role-based access control

Access is scoped by organisation and role. Members see only what their role permits; cross-organisation data is fully isolated.

Audit trails by default

Assessment submissions, declaration requests, document versions and key actions are recorded for audit and accountability.

Least-privilege architecture

Server-side authorisation is enforced on every write, and queries are scoped to the requesting organisation.

UK GDPR alignment

We handle personal data on a clear lawful basis, support data-subject rights, and make a Data Processing Agreement available.

Compliance posture

Built to the standards UK enterprise procurement expects.

We design our controls around the frameworks UK boards and their information-security teams care about. We're happy to share our current certification and assurance status, our security whitepaper and a Data Processing Agreement as part of your review.

  • ISO/IEC 27001
  • Cyber Essentials / Cyber Essentials Plus
  • SOC 2 Type II
  • UK GDPR & Data Protection Act 2018

Certification status varies by framework and evolves as our programme matures. We'll always be transparent about what we hold today and what is in progress — ask us for the current position.

Responsible disclosure

If you believe you've found a security vulnerability, we want to hear from you. Please contact us with details and we'll respond promptly. We ask that you give us a reasonable opportunity to remediate before any public disclosure.

hamada@tgf.global

Need our security documentation?

We'll provide our security whitepaper, DPA and current assurance status to support your due diligence.

Request documentation