Enerprise Grade Security for Our Clients

Security, privacy and compliance built into Traizr. Everything your security, IT and procurement teams need to review us, in one place.

At a glance

Traizr Security

UK GDPR and EU GDPR

Personal data is processed in accordance with UK GDPR and EU GDPR (Regulation (EU) 2016/679). Traizr is the processor; you remain the controller.

UK and EU data residency

Securely hosted in co-locateddata centres with data residency in the United Kingdom and the EU.

Hosted in ISO 27001 certified facilities

Infrastructure is hosted within ISO 27001 certified datacentre facilities. Traizr is working towards its own ISO/IEC 27001 certification.

Independent assessment

The latest independent external security assessment, by HackerGuardian (a Qualys Approved Scanning Vendor), returned 0 findings.

MFA on privileged access

Multi-factor authentication is enforced for privileged access: hosting provider, server administration, platform management and in-app administrative users.

Encrypted in transit

HTTPS with TLS encryption is enforced for all public services and data in transit. Backups are encrypted and stored off-server.

How we protect the platform

Traizr operates its own managed infrastructure rather than relying on multi-tenant SaaS platforms, which gives us greater control over security, performance and data handling.

Identity and access management

Access to systems is restricted to authorised personnel only. Administrative access is granted on the principle of least privilege and only where operationally required. Access is reviewed periodically and unused accounts are removed promptly. Strong password requirements and complexity rules are enforced, and default passwords must be changed immediately.

Multi-factor authentication

MFA is enforced for privileged administrative access, covering hosting provider access, server administration and platform management systems. Within the application, administrative access is controlled via role-based permissions with MFA enforced for administrative users.

Encryption

All application traffic is secured using HTTPS with TLS encryption to protect data in transit, and HTTPS/TLS is enforced for public services. Backups are encrypted and stored securely using Acronis cloud backup services. Access to customer data is restricted to authorised personnel on a least-privilege basis.

Monitoring and logging

Infrastructure and application health are monitored continuously using 360 Monitoring, with alerts triggered for downtime, performance degradation and resource thresholds. Automated systems notify authorised operational personnel immediately when predefined alert thresholds are exceeded. Security events and infrastructure alerts are reviewed by authorised personnel.

Vulnerability management

Server operating systems and application dependencies are reviewed daily for updates and patched promptly. Daily alerts are received for server updates. External vulnerability scanning is performed, and vulnerabilities identified through scanning are reviewed and remediated.

Incident response

A documented Incident Response Plan defines how incidents are identified, reported, responded to and recovered from. The process runs Identification, Containment, Eradication, Recovery and Post Incident Review. Where applicable, affected customers are notified in accordance with contractual obligations and applicable data protection legislation.

Secure development lifecycle

All code changes are committed via version control and reviewed before deployment. Releases are validated in non-production environments prior to production deployment. Deployment processes are controlled to reduce the risk of unintended changes, and version control maintains a full history of every change.

Threat prevention

We monitor and blocks unauthorised login attempts and brute-force attacks, with failed authentication attempts blocked automatically. Traizr uses real-time malware detection, intrusion prevention and system hardening. Infrastructure sits behind network-level firewall protection.

Backup and recovery

Backups are managed using cloud backup services and stored securely off-server, separately from production systems, to ensure recoverability. Systems and data can be restored from backup points in the event of failure or data loss. Recovery processes prioritise restoration of critical services to minimise operational impact.

Looking for Parcel Security?

If you want to understand how Traizr keeps mail and parcels secure inside your building, including audit trails, chain of custody and role-based permissions, see Security and Compliance.

Privacy

Privacy and data protection

Your data stays yours. Traizr processes it on your instructions, in the United Kingdom and the EU.

Data ownership and roles

Traizr acts as the data processor and the customer is the data controller. Personal data is processed only in accordance with documented instructions from the controller, unless required by law to act otherwise. Personnel authorised to process personal data are subject to confidentiality obligations.

Legislation

Personal data is processed in accordance with UK GDPR and EU GDPR (Regulation (EU) 2016/679) where applicable. Technical and organisational measures are implemented in accordance with GDPR Article 32 to ensure a level of security appropriate to the risk.

Data residency

Data residency is the United Kingdom and the EU. International transfers are protected using appropriate safeguards.

Retention and deletion

Customer data is deleted or returned upon termination in accordance with contractual requirements. Backup and log data are retained in line with operational and compliance requirements and are periodically reviewed.

Data Processing Agreements

Data Processing Agreements are maintained with customers where required. The Traizr DPA is available on request through the form below, and forms an addendum to the Privacy Policy and the Service Level Agreement.

Subject access and assistance

Traizr assists controllers with their obligations under applicable data protection law, including matters relating to security, breaches and Privacy Impact Assessments. Full detail is in the Privacy Policy and the Data Processing Agreement.

Availability

Uptime and response targets

  • Monthly uptime target99.9%
  • P1 Critical response1 hour
  • P2 High response2 hours
  • P3 Medium response4 hours
  • P4 Low response1 day

Routine maintenance and feature rollout are scheduled around you and normally sutside standard working hours wherever reasonably possible.

Traizr uses commercially reasonable efforts to resolve issues as quickly as possible. Infrastructure and services are monitored continuously using 360 Monitoring.

Documents

Security documentation

The documents below are available to customers and prospects under review. Request the pack and we will email it to you, usually within one working day.

Security & Compliance Overview

On request

The technical and organisational security controls implemented by Traizr, written to support customer security assessments and due diligence.

Version
1.6
Date
12 Jan 2026
Owner
Decoded Group

Security Policy

On request

The security controls and operational practices applied to the Traizr platform and supporting infrastructure, covering passwords, MFA, access control, patching and encryption.

Version
1.2
Date
12 Jan 2026
Owner
Decoded Group

Incident Response Plan

On request

How security incidents are identified, reported, responded to and recovered from, including incident types, reporting contacts and the post-incident review process.

Version
1.3
Date
12 Jan 2026
Owner
Decoded Group

External Security Assessment Summary

On request

Executive summary of the latest independent external security assessment by HackerGuardian, a Qualys Approved Scanning Vendor, including the findings breakdown by severity.

Result
0 findings
Owner
Decoded Group

Data Processing Agreement

On request

The DPA governing Traizr's processing of personal data on behalf of your organisation, including Article 32 security measures and the named sub-processors.

Owner
Decoded Group

SaaS Service Level Agreement

On request

Service availability, support commitments, maintenance obligations, priority levels, response targets and service credits for the Traizr platform.

Version
1.7
Date
May 2026
Owner
Decoded Group

Prefer email? Write to security@traizrmail.com.

Request the security pack

Tell us who you are and which documents you need. Leave the checklist blank to receive the full pack.

Which documents do you need?

Leave blank and we will send the full pack.

We use your details only to send the documents you asked for and to answer your questions. See our Privacy Policy. Prefer email? Write to security@traizrmail.com.

Need something we have not published?

If you have a security questionnaire, a specific control to evidence, or a due diligence deadline, talk to us directly. We would rather answer the question than have you guess.