Security Compliance Dossier
Effective Date: 15 July 2026
Overview
This dossier provides enterprise clients with detailed information about Droblet's security controls, compliance posture, and data protection practices for vendor assessment purposes.
Compliance Posture
GDPR / UK GDPR
Full compliance with EU and UK data protection regulations.
Encryption
Personal data encrypted at rest with AES-256-GCM; database connections encrypted in transit with TLS (sslmode=require).
UK Data Residency
Data stored and processed on UK-based infrastructure (AWS London, eu-west-2).
Droblet does not currently hold ISO 27001, SOC 2, or PCI DSS certification, and has not yet completed a formal third-party penetration test. We will update this dossier as our certification programme progresses.
Data Handling Controls
- Personal data encrypted at rest using AES-256-GCM
- Database connections encrypted in transit using TLS (sslmode=require)
- Data hosted on UK-based servers (AWS London, eu-west-2)
- Least-privilege access to personal data, recorded in audit logs
- Data retained in line with legal requirements, then anonymised or deleted
Requesting Full Documentation
Enterprise clients may request our security and data-protection documentation under NDA.
Security Team: security@droblet.ai