No Slip

Security and compliance

Security and compliance built for enterprise procurement

ISO/IEC 27001:2022 certified. UK GDPR aligned. Hosted exclusively in EU data centres. Built to pass procurement scrutiny on first review.

Certifications and standards

ISO/IEC 27001:2022 Certified

Certified

Our information security management system is independently certified. Annual surveillance audits maintain compliance. Certificate available on request to qualified buyers.

UK GDPR and Data Protection Act 2018

Compliant

Compliant by design. Tenant data isolated at the database layer. Subject access requests handled within statutory timeframes.

PECR Compliant

Compliant

Email communications follow the Privacy and Electronic Communications Regulations. No unsolicited marketing without explicit consent.

Infrastructure and hosting

  • All data hosted in EU data centres (Vercel and Neon Postgres, AWS eu-west infrastructure)
  • TLS 1.3 encryption in transit
  • AES-256 encryption at rest
  • Daily encrypted backups with 30-day retention
  • Disaster recovery tested quarterly
  • Status page at status.noslip.co.uk

Access controls

  • Multi-tenant isolation enforced at database row level (PostgreSQL RLS)
  • Role-based access control with audit-logged role changes
  • JWT authentication with short-lived access tokens and httpOnly refresh cookies
  • Two-factor authentication available for all users
  • Internal Gyzer staff access logged and notified to tenant admins (impersonation transparency policy)

Data processing

  • Customer is the Data Controller. Gyzer Technologies is the Data Processor.
  • Data Processing Agreement available for review before contract signature.
  • Sub-processors listed publicly and updated within 30 days of any change.
  • Personal data minimised. We do not request data we do not need.
  • Right to data export and deletion respected per UK GDPR.

Sub-processors

Current as of January 2026. Updated within 30 days of any change.

Sub-processorPurposeLocation
Neon (Databricks Inc.)Database hostingEU (Frankfurt)
Vercel Inc.Application hostingEU (Dublin)
Resend Inc.Transactional emailEU
UpstashRedis cache and queueEU (Frankfurt)
CloudflareDNS and edge securityGlobal edge, data residency in EU

Incident response

  • 24-hour internal alerting on security events
  • Customer notification within 72 hours of any qualifying incident per UK GDPR
  • Post-incident review and remediation documented
  • Security contact: security@noslip.co.uk

Business continuity

4 hours

Recovery Time Objective

24 hours

Recovery Point Objective

Annual

BCP review

Multi-region failover for production database. Documented BCP reviewed annually.

Trust centre contact

For security questionnaires, due diligence requests, or Data Processing Agreement review:

trust@noslip.co.uk — response within 5 business days

security@noslip.co.uk — to report a security concern

Registered entity

Company name
Gyzer Technologies Ltd
Registered office
20-22 Wenlock Road, London N1 7GU
Companies House
15058377
VAT number
464426092
ICO registration
ZB712909
Jurisdiction
England and Wales

Ready to review our security documentation?

Contact trust@noslip.co.uk for DPA review, security questionnaires, or certificate requests.

Book a demoContact trust team