Security Statement

Last updated: 03/05/2026

1. Introduction

ProfitLens Technologies Ltd, trading as ProfitLens UK, is committed to maintaining the confidentiality, integrity, and availability of user data. This Security Statement outlines the technical and organisational measures we use to protect your information.

Security is a core part of our platform design, development, and operations.

2. Security Principles

  • Confidentiality – Only authorised individuals can access data.
  • Integrity – Data is protected from unauthorised modification.
  • Availability – The Service remains accessible and reliable.

3. Data Encryption

3.1 Encryption in Transit

All data transmitted between your device and our servers is encrypted using TLS 1.2 or later.

3.2 Encryption at Rest

All stored data, including backups, is encrypted using industry‑standard encryption (AES‑256 or equivalent).

4. Secure Infrastructure

ProfitLens UK uses secure cloud infrastructure with:

  • Physical data centre security
  • Redundant power and networking
  • Firewalls and intrusion detection
  • DDoS protection
  • Regular security patching

We do not host data on local servers.

5. Access Controls

We enforce strict access controls, including:

  • Role‑based access
  • Multi‑factor authentication for internal systems
  • Least‑privilege principle
  • Logged and monitored access
  • Regular access reviews

Only authorised staff can access production systems.

6. Application Security

We follow secure development practices, including:

  • Code reviews
  • Dependency scanning
  • Vulnerability testing
  • Continuous monitoring
  • Secure API design
  • Regular penetration testing

Passwords are never stored in plaintext and are hashed using industry‑standard algorithms.

7. Data Backups & Disaster Recovery

ProfitLens UK performs:

  • Daily encrypted backups
  • Off‑site redundancy
  • Disaster recovery planning
  • Regular restoration testing

In the event of a major incident, we aim to restore service within 24 hours.

8. Monitoring & Logging

We monitor:

  • System performance
  • Authentication attempts
  • Suspicious activity
  • Error logs
  • API usage patterns

Alerts are triggered for unusual or potentially malicious behaviour.

9. Incident Response

If a data breach occurs, we will investigate immediately, contain the issue, and notify affected users without undue delay.

Where required, we will notify the Information Commissioner’s Office (ICO).

We maintain an internal incident response plan to ensure rapid action.

10. Third‑Party Security

We work only with third‑party providers that meet GDPR requirements and implement strong security controls.

Examples include:

  • Cloud hosting providers
  • Payment processors
  • Analytics tools
  • Customer support platforms

We never sell personal data.

11. User Responsibilities

Users must:

  • Use strong passwords
  • Keep login credentials secure
  • Ensure their devices are protected
  • Report suspicious activity promptly
  • Not upload harmful or malicious files

Security is a shared responsibility between ProfitLens UK and its users.

12. Continuous Improvement

We regularly review and update our security measures to address emerging threats, improve resilience, and maintain compliance.

If you have any questions about this Security Statement, please contact support@profitlens.co.uk.