Security Overview
Effective Date: 15 July 2026
Our Commitment to Security
Security is foundational to everything we build at Droblet. We implement industry-leading measures to protect your data, your declarations, and your business.
Infrastructure Security
Encryption at Rest
Personal data (account details and contact information) is encrypted at rest using AES-256-GCM.
Encryption in Transit
Database connections are encrypted using TLS (sslmode=require).
UK-Based Hosting
Data is hosted on Amazon Web Services in the London region (eu-west-2).
Audit Logging
Access to personal data is recorded in audit logs.
Compliance
- GDPR and UK GDPR compliant
- Personal data encrypted at rest (AES-256-GCM) and in transit (TLS)
- Data hosted on UK-based servers (AWS London, eu-west-2)
We do not currently hold ISO 27001 or SOC 2 certification, and have not yet completed a formal third-party penetration test. We will update this page if that changes.
Vulnerability Disclosure
If you discover a security vulnerability, please report it responsibly to security@droblet.ai. We will acknowledge your report within 48 hours.
Contact
Security Team: security@droblet.ai
Data Protection: privacy@droblet.ai