Security Overview

Effective Date: 15 July 2026

Our Commitment to Security

Security is foundational to everything we build at Droblet. We implement industry-leading measures to protect your data, your declarations, and your business.

Infrastructure Security

Encryption at Rest

Personal data (account details and contact information) is encrypted at rest using AES-256-GCM.

Encryption in Transit

Database connections are encrypted using TLS (sslmode=require).

UK-Based Hosting

Data is hosted on Amazon Web Services in the London region (eu-west-2).

Audit Logging

Access to personal data is recorded in audit logs.

Compliance

  • GDPR and UK GDPR compliant
  • Personal data encrypted at rest (AES-256-GCM) and in transit (TLS)
  • Data hosted on UK-based servers (AWS London, eu-west-2)

We do not currently hold ISO 27001 or SOC 2 certification, and have not yet completed a formal third-party penetration test. We will update this page if that changes.

Vulnerability Disclosure

If you discover a security vulnerability, please report it responsibly to security@droblet.ai. We will acknowledge your report within 48 hours.

Contact

Security Team: security@droblet.ai

Data Protection: privacy@droblet.ai