Security Compliance Dossier

Effective Date: 15 July 2026

Overview

This dossier provides enterprise clients with detailed information about Droblet's security controls, compliance posture, and data protection practices for vendor assessment purposes.

Compliance Posture

GDPR / UK GDPR

Full compliance with EU and UK data protection regulations.

Encryption

Personal data encrypted at rest with AES-256-GCM; database connections encrypted in transit with TLS (sslmode=require).

UK Data Residency

Data stored and processed on UK-based infrastructure (AWS London, eu-west-2).

Droblet does not currently hold ISO 27001, SOC 2, or PCI DSS certification, and has not yet completed a formal third-party penetration test. We will update this dossier as our certification programme progresses.

Data Handling Controls

  • Personal data encrypted at rest using AES-256-GCM
  • Database connections encrypted in transit using TLS (sslmode=require)
  • Data hosted on UK-based servers (AWS London, eu-west-2)
  • Least-privilege access to personal data, recorded in audit logs
  • Data retained in line with legal requirements, then anonymised or deleted

Requesting Full Documentation

Enterprise clients may request our security and data-protection documentation under NDA.

Security Team: security@droblet.ai