GDPR Data Protection
Stannp processes personal data as a Data Processor on behalf of business clients in compliance with UK GDPR and the Data Protection Act 2018. We implement appropriate technical and organisational measures, including encryption, regular audits, penetration testing, and strict access controls, to protect personal data. All personal data is stored exclusively within the EEA. Customers retain full control of their data and can delete it at any time, and we support all UK GDPR data subject rights.
Acceptable Use
Stannp maintains strict acceptable use policies requiring unique user credentials for all system access, with all customer data classified as confidential. Employees are prohibited from storing customer data on unauthorised equipment, and all company devices have mandatory automated antivirus software that cannot be disabled. System logging and monitoring occur in accordance with UK Data Protection Act 2018, with all breaches investigated and subject to disciplinary action.
Record Retention
We retain records only for legitimate business reasons in compliance with UK GDPR, with a standard retention period of three years (customisable based on client requirements). All data is stored on cloud-based servers in Ireland with 256-bit AES encryption at rest and TLS 1.2/1.3 in transit. Periodic reviews verify that retained data is still necessary. Paper records are securely disposed of through professional shredding, and electronic records are completely removed so that they cannot be reconstructed; all disposal is fully documented.
Business Continuity and Disaster Recovery
Our comprehensive plans ensure rapid recovery with RTOs of 30 minutes for critical platform services and databases, supported by frequent backups including transaction logs every 5 minutes. All backups are encrypted and stored in geographically separated EEA server regions, with testing conducted every 6 months and full annual recovery validation. We maintain a 99%+ uptime SLA through redundant systems, with documented procedures and regular training ensuring preparedness.
Multi-Factor Authentication
Multi-factor authentication (MFA) is mandatory on all systems without exception, using time-based one-time passwords (TOTP) or authentication applications combined with strong password requirements. Session timeouts of 1 hour for applications and 3 hours for administrative access are enforced alongside MFA, and full re-authentication is required when a session expires. This universal implementation supports compliance with UK GDPR, ISO 27001, PCI-DSS, and industry best practices for authentication security.