Technical Trust & Security

• Data residency: All customer data stored in UK (London, Google Cloud). No data leaves the UK.
• Encryption: AES-256 envelope encryption for driver PII. Data masked on screen. Only authorised personnel can decrypt.
• Audit integrity: Cryptographically chained ticket ledger designed to make tampering mathematically detectable. Verification processes available.
• Tenant isolation: Row-level security ensures no customer can accidentally access another’s data. Continuously tested.
• Compliance mapping: Our system aligns with Defra’s Digital Waste Tracking data model and tripartite liability requirements. Full compliance matrix available under NDA.
• Infrastructure: Google Cloud Run, PostgreSQL 16, Pub/Sub for reliable Defra submission. Secrets managed via Google Secret Manager.
• Penetration testing: External security review commissioned. Executive summary available on request.

To request our full security pack, contact security@wastesync.co.uk (NDA required).