Security & Trust
Enterprise-grade security protecting your business operations data
At ExpiryEdge, security isn't an afterthought - it's the foundation. We leverage Google Cloud and Firebase's world-class infrastructure to keep your deadline records, SOP checklists, documents, and sensitive business data safe, secure, and always accessible.
GDPR Compliant
CCPA Compliant
Google Cloud
Firebase
How We Protect Your Data
ExpiryEdge implements multiple layers of security to ensure your deadline records, workflow checklists, contracts, licences, and sensitive business data remain protected at all times.
Enterprise-Grade Encryption
All data is encrypted in transit using industry-standard TLS and at rest using AES-256 encryption provided by Google Cloud Platform.
Firebase & Google Cloud Infrastructure
Built on Firebase and Google Cloud Platform - the same infrastructure trusted by enterprises worldwide for security and reliability.
Secure Authentication
Firebase Authentication with support for OAuth 2.0, multi-factor authentication (MFA), and enterprise SSO integration.
Access Controls & Permissions
Role-based access control (RBAC) ensures team members only see data relevant to their responsibilities with granular permission settings.
Data Isolation & Privacy
Your organization's data is logically isolated and never shared with other customers. Complete data sovereignty and privacy protection.
Automated Backups
Daily automated backups with point-in-time recovery ensure your critical compliance data is always protected and recoverable.
Compliance Standards
GDPR and CCPA compliant with transparent data processing. We follow industry best practices for handling sensitive compliance information.
99.9% Uptime SLA
Backed by Google Cloud's global infrastructure with redundancy and automatic failover for maximum availability.
Security Monitoring
Continuous monitoring and logging of all system activities with automated threat detection and real-time alerts.
Data Retention Control
You control how long your data is retained. Export or permanently delete your data at any time with complete transparency.
Secure Password Policies
Enforced strong password requirements, password reset security, and optional MFA for enhanced account protection.
Responsible Disclosure
We welcome security researchers and have a responsible disclosure program. Report vulnerabilities to security@expiryedge.com.
Built on Google Cloud Platform
ExpiryEdge runs on Google Cloud Platform and Firebase - infrastructure trusted by billions of users worldwide. This means:
Global network of data centers with 99.95% uptime SLA
Automatic scaling to handle your growing compliance needs
DDoS protection and advanced threat detection
ISO 27001, SOC 2, and SOC 3 certified infrastructure
Data residency options for regulatory compliance
Advanced firewall rules and network security
Data Protection Guarantee
Your compliance data is encrypted both in transit and at rest using AES-256 encryption. Only you and authorized team members can access your organization's information.
End-to-end encryption
Zero-knowledge architecture
Regular security audits
Your Privacy, Our Priority
We are committed to protecting your privacy and maintaining transparency about how we handle your data:
We never sell or share your data with third parties
You own your data - export or delete it at any time
Transparent data processing with full GDPR compliance
Regular third-party security assessments
Clear privacy policy with no hidden clauses
Data Processing Agreements (DPA) available on request
Security Best Practices
We follow industry-leading security practices to protect your organization:
Regular penetration testing and vulnerability assessments
Employee security training and background checks
Incident response plan with 24/7 monitoring
Secure software development lifecycle (SSDLC)
Comprehensive audit logs for compliance reporting
Security – Frequently Asked Questions
Common questions about how ExpiryEdge protects your compliance data.
Where is my data stored?
All ExpiryEdge data is stored on Google Cloud Platform infrastructure, which provides enterprise-grade availability, redundancy, and physical security. Data is hosted in secure data centres with multiple layers of physical and network protection.
Is my data encrypted?
Yes. All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2 or higher. This ensures that your compliance records, documents, and user information are protected both when stored and when transmitted between your browser and our servers.
Who can access my organisation's data in ExpiryEdge?
Access is controlled by role-based permissions that you configure. Within your organisation, each user sees only the records their role allows. ExpiryEdge staff do not access customer data except when explicitly required for support purposes with customer permission. We do not sell or share your data with third parties.
Is ExpiryEdge compliant with GDPR?
ExpiryEdge is designed with GDPR principles in mind, including data minimisation, purpose limitation, and the ability to export or delete your data on request. We process data in accordance with our Privacy Policy and act as a data processor on behalf of your organisation as the data controller.
What happens to my data if I cancel my ExpiryEdge subscription?
You can export your compliance data at any time before cancelling. After account closure, data is retained for a short period in accordance with our data retention policy before being permanently deleted. We never hold your data hostage - your records are always yours to export.
Compliance Posture
An honest, dated snapshot of where our security and compliance programme stands today. We update this section whenever an item changes status.
Last reviewed: 29 May 2026 · Owner: Deep Singh, Founder
GDPR
We process data as a processor on behalf of customer organisations (the controller). DPA available on request. Data export and deletion supported in-app.
CCPA
Customers can request export or deletion of their personal data via support@expiryedge.com. No sale of personal information.
SOC 2 Type I
Scope being defined. Target attestation: Q4 2026. We will publish the auditor and report ID here when complete.
SOC 2 Type II
Will follow approximately 6 months after Type I attestation, covering the 6-month observation window required.
HIPAA
We are not currently a HIPAA Business Associate. Healthcare customers handling PHI should evaluate accordingly. BAA support is on our roadmap.
ISO 27001
Underlying infrastructure (Google Cloud Platform) is ISO 27001 certified. Application-level certification is not yet pursued.
Breach Disclosure Policy
In the unlikely event of a confirmed data breach involving customer data, ExpiryEdge will notify affected account administrators by email within 72 hours of confirmed detection. The notification will include the nature of the breach, the categories of data involved, the steps we have taken to contain it, and the steps customers should take. Notification timing follows GDPR Article 33 guidance.
Responsible Vulnerability Disclosure
If you have discovered a security vulnerability in ExpiryEdge, please report it to security@expiryedge.com. Include reproduction steps, affected URL or component, and your expected impact. We acknowledge reports within 2 business days and aim to provide remediation status within 14 days for critical issues. We do not currently operate a paid bug-bounty programme but will publicly credit researchers (with consent) in this section once we ship a hall-of-fame.
Subprocessors
ExpiryEdge relies on the following subprocessors to deliver the service: Google Cloud Platform (hosting and database), Firebase (authentication), Twilio (SMS), Meta WhatsApp Business API (WhatsApp notifications), SendGrid (email delivery), Sanity (content management), Stripe (billing). Customers can request an up-to-date list and the data categories processed by each at any time via support@expiryedge.com.
Questions About Security?
We take security seriously and are happy to answer any questions about how we protect your data. Enterprise customers can request additional security documentation.
Security: security@expiryedge.com
Support: support@expiryedge.com
