Security

Last updated: 9 March 2026

Company: Mandatry UK Limited

Location: London, United Kingdom

Security contact: info@privacypartners.global

Overview

Mandatry is designed as structural regulatory infrastructure. We implement security measures appropriate for a SaaS and API platform to protect confidentiality, integrity, and availability.

This page is a high-level overview. Additional details can be provided under NDA where required for enterprise procurement.

1. Encryption

  • In transit: HTTPS/TLS is used to protect communications between clients and the Services.
  • At rest: data is stored using encryption-at-rest capabilities provided by our infrastructure providers where available.

2. Access Controls

  • Least-privilege access to production systems.
  • Administrative access protected with strong authentication (and multi-factor authentication where supported).
  • Separation between development and production environments.

3. Application Security

  • Secure development practices including code review and controlled releases.
  • Dependency updates and vulnerability remediation processes.
  • Input validation and abuse controls on key endpoints.

4. Monitoring and Logging

  • Service logs and monitoring to support reliability and incident investigation.
  • Rate limiting and quota enforcement for API usage (as applicable).

5. Backups and Recovery

  • We maintain backup and recovery processes appropriate to the Service architecture.
  • Recovery objectives may vary by plan; details are available on request.

6. Incident Response

We maintain an incident response process designed to:

  • detect and assess suspected security events,
  • contain and remediate confirmed incidents,
  • notify affected customers where required by law and/or contract.

7. Subprocessors

We rely on vetted infrastructure providers to deliver the Service:

  • Vercel (hosting and delivery)
  • Supabase (database, authentication, and related infrastructure)

8. Responsible Disclosure

If you believe you have identified a security vulnerability, please report it to info@privacypartners.global with steps to reproduce and relevant details. We request good-faith testing and non-disruptive disclosure.

9. Shared Responsibility

Customers are responsible for:

  • managing user access and permissions,
  • protecting API keys and rotating them if exposed,
  • ensuring uploaded content is appropriate and lawful for their use case.

This page is for information only and does not constitute a warranty or legal commitment.