Security

Your data is safe with us.

Enterprise-grade security built for regulated industries. GDPR compliant, UK-based, and audited.

End-to-End Encryption

All data encrypted in transit and at rest

UK-Based Hosting

Data stored in secure UK data centres

FCA Compliant

Built for financial services compliance

Data Protection

UK GDPR Compliance

Full compliance with UK data protection regulations. Data is stored and processed in accordance with UK GDPR requirements.

Data Encryption

AES-256 encryption for data at rest. TLS 1.3 for data in transit. All call recordings and customer data are encrypted.

Data Retention

Configurable retention policies. Automatic deletion after specified periods. You control how long data is stored.

Data Sovereignty

All customer data is stored exclusively in UK-based AWS data centres. Your data never leaves the UK.

FCA Compliance

Automotive dealerships selling finance products are regulated by the Financial Conduct Authority (FCA). Harzand is built to help you maintain compliance:

Call Recording & Storage

Automatic recording and secure storage of all customer interactions. Meets FCA requirements for record-keeping.

Treating Customers Fairly (TCF)

AI trained to provide clear, accurate information. Consistent service across all customer interactions.

Audit Trail

Complete audit logs of all AI interactions. Timestamped transcripts and metadata for compliance reviews.

Clear & Not Misleading

AI responses are designed to be transparent, accurate, and compliant with FCA communication standards.

Access Control & Authentication

Role-Based Access Control (RBAC)

Granular permissions for different team members. Admins, managers, and users have appropriate access levels.

Multi-Factor Authentication (MFA)

Optional two-factor authentication for enhanced account security.

Session Management

Automatic session timeouts. Secure token-based authentication.

Infrastructure Security

AWS Infrastructure

Hosted on Amazon Web Services (AWS) UK region. Enterprise-grade infrastructure with 99.9% uptime SLA.

DDoS Protection

Built-in DDoS mitigation through AWS Shield. Protection against network and application-layer attacks.

Regular Backups

Automated daily backups with point-in-time recovery. 30-day backup retention.

Network Security

Firewalls, intrusion detection, and network segmentation to protect against threats.

Monitoring & Incident Response

24/7 Monitoring

Continuous monitoring of systems, networks, and applications for security threats.

Security Incident Response

Documented incident response procedures. Rapid response to security events.

Vulnerability Management

Regular security assessments and penetration testing. Prompt patching of identified vulnerabilities.

Breach Notification

In the unlikely event of a data breach, we will notify affected customers within 72 hours as required by UK GDPR.

Third-Party Security

We integrate with trusted third-party services that meet our security standards:

  • Salesforce: Enterprise CRM with SOC 2 Type II certification
  • Keyloop: Automotive DMS with industry-standard security
  • AWS: ISO 27001, SOC 1/2/3 certified infrastructure

All third-party vendors undergo security assessments before integration.

Have a security question?

We're happy to discuss our practices or provide documentation for your compliance team.

Contact us