Trust

Security & compliance.

Built to clear procurement and information-security review at FTSE 250 customers.

Data sources

Fulcrums uses public Companies House data only, registered under the Open Government Licence v3. We hold no insider information, no consumer PII, and no payment data.

Authentication

OAuth 2.0 with optional SSO via Okta or Azure AD. Per-user audit logs of every search, alert and report.

Encryption

TLS 1.2+ in transit. AES-256 at rest. API keys hashed in storage and never returned after first reveal.

Hosting

AWS eu-west-2 (London). Daily snapshot backups with 30-day retention. Infrastructure-as-code (Terraform) audited monthly.

Compliance

GDPR compliant; UK ICO registered. SOC 2 Type 1 in progress. We will share our security questionnaire and policies under NDA on request.

Responsible disclosure

Security researchers, please email security@fulcrums.co.uk. We do not pursue good-faith research within scope.