FairLedger's customers are regulated. FairLedger's own controls are built to the standard those customers will be asked about in their next third-party assurance cycle.
A downloadable security overview is available on request during the discovery call.
All customer data resides in UK cloud regions. No cross-region replication outside the UK for production data. Backup and disaster-recovery topology is UK-only by design.
ICO registration as Data Controller and Data Processor is being completed prior to first customer go-live. Data Protection Impact Assessment maintained. Data Subject Access Request workflow implemented. Sub-processor register maintained and disclosed on request.
Third-party assurance, outsourcing and operational-resilience obligations sit on our customers. Our own operating discipline is calibrated to what those obligations require of the providers they work with.
TypeScript/Node back end, PostgreSQL analytics store, configurable rules-and-metrics engine, secure file and API ingestion, automated report generation. Hosted on AWS UK regions with per-tenant data isolation and infrastructure-as-code deployment — the same disciplines applied to secure public-sector systems the founder has delivered in production.
Professional indemnity and cyber liability cover is in force at limits appropriate to a supplier serving FCA-authorised firms. Certificates are provided during procurement due diligence.
Only the data the fair-value and products-and-services calculations require.
Data is aggregated and anonymised at the earliest point in the pipeline where analytically viable.
Every data touch is logged. Logs are append-only and tenant-scoped.
AES-256 at rest, TLS 1.3 in transit, tenant-scoped keys for multi-tenant isolation.
Route it through the discovery call — the founder will handle it directly and confirm timelines for supporting artefacts.