Security Center

Enterprise-Grade Trust & Security

At knoq, security and data protection are at the core of everything we do. Our platform is designed in alignment with industry best practices and UK regulatory requirements.

We implement strong encryption, access controls, and continuous monitoring to ensure your operations and employee data remain secure at all times. knoq is fully compliant with UK GDPR and the Data Protection Act 2018, and follows recognised frameworks such as ISO 27001 and SOC 2.

🔐 Data Protection

  • In Transit: All data transferred to and from our platform is encrypted using TLS 1.2 or higher over HTTPS.
  • At Rest: Data is encrypted at rest using industry-standard AES-256 encryption.
  • Isolation: Multi-tenant isolation at the database level ensures cross-client data leakage is impossible.

👤 Access Control

  • RBAC: Comprehensive Role-Based Access Control allowing granular permission management.
  • MFA: Multi-Factor Authentication enforcement available for all administrative identities.
  • Session Management: Strict session timeouts and device control logs.

🧾 Privacy & Compliance

  • UK GDPR: Full alignment and compliance with the UK General Data Protection Regulation.
  • DPA 2018: Strict adherence to the Data Protection Act 2018.
  • Minimisation: We employ strict data minimisation principles—collecting only what is absolutely necessary.

🛡️ Infrastructure Security

  • Hosting: Secure cloud infrastructure physically located within the UK/EU (AWS/Azure).
  • DDoS & WAF: Enterprise-grade web application firewalls and network isolation protecting against DDoS attacks.
  • Monitoring: 24/7/365 active server monitoring, logging, and intrusion detection systems.

🧪 Security Testing

  • Vulnerability Scanning: Weekly automated scans of the entire knoq codebase.
  • Penetration Testing: Annual manual penetration testing by certified third-party UK security firms.
  • Code Reviews: Strict Secure Development Lifecycle (SDLC) involving mandatory peer reviews.

🚨 Incident Response

  • Defined Plans: Executive-level documented incident response plan.
  • 72-Hour Notification: Legal commitment to breach notification within 72 hours as mandated by GDPR.
  • Disaster Recovery: Geo-redundant continuous backups to ensure immediate business continuity.

Require our full Security Whitepaper?

Enterprise clients can request access to our full SOC 2 / ISO 27001 readiness evaluation and penetration testing results under NDA.

Contact Security Team