Everything verifiable.
Company numbers. ICO registration. Insurance. Data flows. Every claim on this site can be checked against a public record.
Company
- Registered name: Sifotech UK Ltd
- Companies House: Incorporating — May 2026 (number on request)
- Jurisdiction: England & Wales
- Registered office: Dewsbury, West Yorkshire
Data protection
- ICO registration: Registration pending
- Regulation: UK GDPR + DPA 2018
- Data residency: UK / EU regions
- DPO contact: hello@sifotech.co.uk
Insurance
- Professional indemnity: Active
- Public liability: Active
- Cyber liability: Active
- Certificates: On request
Certifications
- Cyber Essentials: In progress
- ISO 27001: Planned 2026
- DTAC alignment: NHS-ready
- SOC 2: On roadmap
Six principles. Non-negotiable.
UK / EU hosted
Production data lives in UK and EU regions only. No US data residency unless you explicitly opt in.
Encrypted at rest
AES-256 on every database volume, object store and backup. Keys managed by our hosting + database providers' KMS.
Encrypted in transit
TLS 1.3 everywhere. HSTS preloaded. Internal service-to-service calls over private networks.
Role-based access
Row-level security on every multi-tenant table. Least-privilege roles. MFA required for production access.
Audit-logged
Every mutation logged with actor, timestamp, IP and payload diff. Logs retained 90 days minimum.
Deleted on request
Full data export within 30 days. Hard delete within 30 days of request. Confirmation in writing.
Found a vulnerability?
We take security reports seriously. We acknowledge reports within 24 hours and triage within 72. No legal action against good-faith researchers operating under our policy.
Where your data goes.
Categories of third parties we use, what they do, and where they store data. Named subprocessors are disclosed in the DPA at contract — available on request under NDA.
Procurement team, ask away.
DPA template, security questionnaire, insurance certificates — we keep them on hand and respond within one working day.