Enerprise Grade Security for Our Clients
Security, privacy and compliance built into Traizr. Everything your security, IT and procurement teams need to review us, in one place.
Traizr Security
UK GDPR and EU GDPR
Personal data is processed in accordance with UK GDPR and EU GDPR (Regulation (EU) 2016/679). Traizr is the processor; you remain the controller.
UK and EU data residency
Securely hosted in co-locateddata centres with data residency in the United Kingdom and the EU.
Hosted in ISO 27001 certified facilities
Infrastructure is hosted within ISO 27001 certified datacentre facilities. Traizr is working towards its own ISO/IEC 27001 certification.
Independent assessment
The latest independent external security assessment, by HackerGuardian (a Qualys Approved Scanning Vendor), returned 0 findings.
MFA on privileged access
Multi-factor authentication is enforced for privileged access: hosting provider, server administration, platform management and in-app administrative users.
Encrypted in transit
HTTPS with TLS encryption is enforced for all public services and data in transit. Backups are encrypted and stored off-server.
How we protect the platform
Traizr operates its own managed infrastructure rather than relying on multi-tenant SaaS platforms, which gives us greater control over security, performance and data handling.
Identity and access management
Access to systems is restricted to authorised personnel only. Administrative access is granted on the principle of least privilege and only where operationally required. Access is reviewed periodically and unused accounts are removed promptly. Strong password requirements and complexity rules are enforced, and default passwords must be changed immediately.
Multi-factor authentication
MFA is enforced for privileged administrative access, covering hosting provider access, server administration and platform management systems. Within the application, administrative access is controlled via role-based permissions with MFA enforced for administrative users.
Encryption
All application traffic is secured using HTTPS with TLS encryption to protect data in transit, and HTTPS/TLS is enforced for public services. Backups are encrypted and stored securely using Acronis cloud backup services. Access to customer data is restricted to authorised personnel on a least-privilege basis.
Monitoring and logging
Infrastructure and application health are monitored continuously using 360 Monitoring, with alerts triggered for downtime, performance degradation and resource thresholds. Automated systems notify authorised operational personnel immediately when predefined alert thresholds are exceeded. Security events and infrastructure alerts are reviewed by authorised personnel.
Vulnerability management
Server operating systems and application dependencies are reviewed daily for updates and patched promptly. Daily alerts are received for server updates. External vulnerability scanning is performed, and vulnerabilities identified through scanning are reviewed and remediated.
Incident response
A documented Incident Response Plan defines how incidents are identified, reported, responded to and recovered from. The process runs Identification, Containment, Eradication, Recovery and Post Incident Review. Where applicable, affected customers are notified in accordance with contractual obligations and applicable data protection legislation.
Secure development lifecycle
All code changes are committed via version control and reviewed before deployment. Releases are validated in non-production environments prior to production deployment. Deployment processes are controlled to reduce the risk of unintended changes, and version control maintains a full history of every change.
Threat prevention
We monitor and blocks unauthorised login attempts and brute-force attacks, with failed authentication attempts blocked automatically. Traizr uses real-time malware detection, intrusion prevention and system hardening. Infrastructure sits behind network-level firewall protection.
Backup and recovery
Backups are managed using cloud backup services and stored securely off-server, separately from production systems, to ensure recoverability. Systems and data can be restored from backup points in the event of failure or data loss. Recovery processes prioritise restoration of critical services to minimise operational impact.
Looking for Parcel Security?
If you want to understand how Traizr keeps mail and parcels secure inside your building, including audit trails, chain of custody and role-based permissions, see Security and Compliance.
Privacy and data protection
Your data stays yours. Traizr processes it on your instructions, in the United Kingdom and the EU.
Data ownership and roles
Traizr acts as the data processor and the customer is the data controller. Personal data is processed only in accordance with documented instructions from the controller, unless required by law to act otherwise. Personnel authorised to process personal data are subject to confidentiality obligations.
Legislation
Personal data is processed in accordance with UK GDPR and EU GDPR (Regulation (EU) 2016/679) where applicable. Technical and organisational measures are implemented in accordance with GDPR Article 32 to ensure a level of security appropriate to the risk.
Data residency
Data residency is the United Kingdom and the EU. International transfers are protected using appropriate safeguards.
Retention and deletion
Customer data is deleted or returned upon termination in accordance with contractual requirements. Backup and log data are retained in line with operational and compliance requirements and are periodically reviewed.
Data Processing Agreements
Data Processing Agreements are maintained with customers where required. The Traizr DPA is available on request through the form below, and forms an addendum to the Privacy Policy and the Service Level Agreement.
Subject access and assistance
Traizr assists controllers with their obligations under applicable data protection law, including matters relating to security, breaches and Privacy Impact Assessments. Full detail is in the Privacy Policy and the Data Processing Agreement.
Uptime and response targets
- Monthly uptime target99.9%
- P1 Critical response1 hour
- P2 High response2 hours
- P3 Medium response4 hours
- P4 Low response1 day
Routine maintenance and feature rollout are scheduled around you and normally sutside standard working hours wherever reasonably possible.
Traizr uses commercially reasonable efforts to resolve issues as quickly as possible. Infrastructure and services are monitored continuously using 360 Monitoring.
Security documentation
The documents below are available to customers and prospects under review. Request the pack and we will email it to you, usually within one working day.
Security & Compliance Overview
On requestThe technical and organisational security controls implemented by Traizr, written to support customer security assessments and due diligence.
Security Policy
On requestThe security controls and operational practices applied to the Traizr platform and supporting infrastructure, covering passwords, MFA, access control, patching and encryption.
Incident Response Plan
On requestHow security incidents are identified, reported, responded to and recovered from, including incident types, reporting contacts and the post-incident review process.
External Security Assessment Summary
On requestExecutive summary of the latest independent external security assessment by HackerGuardian, a Qualys Approved Scanning Vendor, including the findings breakdown by severity.
Data Processing Agreement
On requestThe DPA governing Traizr's processing of personal data on behalf of your organisation, including Article 32 security measures and the named sub-processors.
SaaS Service Level Agreement
On requestService availability, support commitments, maintenance obligations, priority levels, response targets and service credits for the Traizr platform.
Prefer email? Write to security@traizrmail.com.
Need something we have not published?
If you have a security questionnaire, a specific control to evidence, or a due diligence deadline, talk to us directly. We would rather answer the question than have you guess.
