We are a certified ISO 27001 company, demonstrating to regulatory authorities and other interested parties that we take security of information we hold seriously and, having identified risks, we do as much as is reasonably possible to address them.

Our ISMS framework helps to reduce the likelihood of breaches, and the controls we have in place reduce the potential impacts of these security risks which is fundamental to our partners. This internationally recognised ‘best-practice’ standard allows our clients to feel safe and secure, and reassures partners that we look after their valuable assets and information security.

All traffic between our APIs and client-facing applications is encrypted and served over HTTPS (enforced with HSTS) using the strongest TLS security policies. We also submit all of our applications to external penetration testing.

We deploy group-based and role-based access control policies for data access on both the infrastructure and application level. We also keep a full audit log of administrative and user access.

All sensitive data in our applications is encrypted at rest using AES-256 Ciphers. We only keep sensitive data on privately accessible servers, never public.

Our applications are monitored and alerts are automatically triggered if something looks out of the ordinary. This tells us if there's a problem, so you don't have to.

Each of our applications is deployed within the AWS Cloud and is isolated on its own resources - within its own account and inside its own VPC. Sensitive resources, such as databases, are only able to communicate through private connections and are not available for access on the outside internet.

Cyber Essential+ is a prestigious certification that demonstrates our commitment to robust cybersecurity practices and protection against online threats. It is a government-backed scheme designed to ensure that organisations like ours have implemented essential security controls to safeguard sensitive data and maintain the integrity of our digital infrastructure.

By achieving Cyber Essential+ certification, we have undergone a rigorous assessment of our cybersecurity measures, including network security, access controls, patch management, and malware protection. This certification signifies that we have taken proactive steps to mitigate risks and fortify our defences against cyberattacks.

With Cyber Essential+ certification, our clients and partners can trust that we prioritise the security of their data and information. It serves as a testament to our dedication to maintaining a secure online environment, safeguarding against potential cyber threats, and providing a foundation for secure business operations.

You must not, or facilitate or allow others to:

• Use our Website or Services for any illegal or fraudulent activity, or to breach any rules set out by the Financial Conduct Authority (FCA), the Prudential Regulation Authority (PRA), or other relevant regulators.
• Use the Services in a way that interferes with or attempts to interfere with the proper provision of our Services, including but not limited to introducing viruses, malware, or any code intended to disrupt our Services, intercept data, or bypass our security controls.
• Use automated tools or bots to extract data from or interact with our Website or Services.
• Use our Website or Services to violate the rights of others, including to upload or distribute material that is offensive, defamatory, or intended to harass others.
• Transfer your right to access our Services to any third party or share accounts.
• Attempt to reverse engineer or derive the source code of all or part of our software, except as permitted by applicable law.
• Modify, customise, port, translate, localise or create derivative works of our software.

You agree to:

• Keep login details safe and private and never share passwords between colleagues or with third parties.
• Ensure that you have the legal right and necessary consents to share any documents or information that you upload to our Services.
• Ensure that all files shared with our Services are free from malicious software.
• Evaluate the accuracy of any output of artificial intelligence tools provided by our Services and verify that it does not violate any third party rights.
• Tell us immediately if you suspect a security breach, a data leak, or unauthorised access to or use of any account by sending notice to privacy@artificial.io.

We may update these rules from time to time to reflect changes in technology, regulation or law.