Trust Centre

Security

Our security practices are designed around common controls for B2B SaaS and analytics platforms. We continuously improve them as the product and threat landscape evolve.

Secure infrastructure

• Production workloads run on leading cloud providers with network segmentation, hardened configurations, and backups appropriate for business continuity.
• Firewalls, secure connectivity, and monitoring help limit exposure to unauthorised access.

Encryption & data protection

• Data in transit is protected with modern TLS (TLS 1.2+).
• Data at rest uses industry-standard encryption (for example AES-256 or equivalent) via our cloud providers and managed services.
• Key management follows provider best practices and least-access principles.

Access control & identity

• Role-based access and least-privilege policies for internal systems and production environments.
• Strong authentication for personnel with access to production or customer data, including multifactor authentication where applicable.
• Customer-facing authentication integrates with our identity stack; we encourage customers to enforce SSO and strong password policies where available.

Application & vulnerability management

• Secure development practices, including code review, dependency updates, and automated testing where appropriate.
• Vulnerability scanning and remediation workflows; security tooling to surface risks early.

Monitoring, logging & incident response

• Centralised logging and monitoring for application and infrastructure signals.
• Documented incident response: triage, containment, investigation, remediation, and customer notification when required by law or contract.

Compliance & governance

PredictEasy is used globally. Customers remain responsible for how they classify their own data (including any regulated datasets) and for meeting their legal and contractual obligations.

• Privacy regulations: We aim to support customers subject to GDPR and similar frameworks through our Privacy Policy, data-processing terms where agreed, and product features (e.g. access controls, export, deletion requests handled per policy).
• Industry frameworks: Formal certifications (such as SOC 2 Type II) may be pursued or expanded over time. When available, summaries or reports can be shared with customers under confidentiality. Ask us for the current status.
• Customer agreements: Specific security, data-processing, or BAA requirements are addressed in your order form, DPA, or other written agreement—not solely on this page.

Privacy & data handling

We maintain a separate Privacy Policy that describes collection, use, and disclosure of information in connection with our website and services. Key principles:

• Roles: For workspace and product data, PredictEasy typically acts as a processor (or service provider) on behalf of the customer organisation, which determines the purposes of processing. For website visitors and marketing contacts, we may act as an independent controller as described in the Privacy Policy.
• Your datasets: Data you connect, upload, or analyse in PredictEasy is processed to provide the service (analytics, workflows, collaboration) and for security, reliability, and abuse prevention as described in our legal terms.
• Retention & location: Retention and hosting regions depend on your plan, configuration, and infrastructure. Contact us for details relevant to your deployment.

AI & analytics

PredictEasy includes ML and AI-assisted features to speed up analysis and modelling.

• Features are scoped to the workflows you run inside the product (for example training models on datasets you provide, generating insights you request).
• We do not use your confidential datasets to train third-party foundation models for those vendors' own products unless you have agreed otherwise in writing.
• Where we use subprocessors for AI or inference, they are bound by contractual terms consistent with their role and our agreements with customers.
• Outputs support business decisions; customers remain responsible for validation, compliance, and any downstream use of results.

Subprocessors & partners

We rely on vetted infrastructure and service partners, for example:

• Cloud hosting, databases, and object storage
• Authentication, email, and customer communications
• Observability, error reporting, and product analytics (configured to minimise unnecessary personal data)
• Payment processing where applicable

Partners with access to customer data are required to meet appropriate security and confidentiality obligations. For a current subprocessor list or DPA questions, contact support@predicteasy.com.