01 Reliability & security
This is the page for your security and platform teams. How the suite holds up under failure, how we ship updates without dropping a request, how data is protected in transit and kept in Europe, and where it all runs. The mechanisms behind the claims — written for people who want the detail.
02 what keeps it standing
“How likely is it to break on me?” is the question this page exists to answer. Below is the machinery — redundancy, failover, edge protection and a delivery pipeline — that together keep the suite serving even when individual parts don’t.
// every mechanism here is in production, not on a roadmap.
All ingress passes a Cloudflare web application firewall with volumetric DDoS protection and real-time attack detection before it reaches an app.
Dynamic load balancing spreads traffic across instances and scales capacity up or down on a live deployment — no maintenance window, no user disruption.
HTTPS from device to server, encrypted in transit the whole way — with TLS certificates rotated automatically every 60 days.
Beyond live redundancy, data is replicated to two geographically separate EU backup sites. A lost primary is a restore, not a disaster.
resilience
Every workload runs in triplicate across independent nodes. If one drops, traffic is already on the other two — no cold start, no manual cutover.
resilience
Under partial failure or a load spike, non-critical paths shed first while the core keeps serving. The system is built to bend before it breaks.
security
Development, testing and production are fully isolated, with tight access control enforced internally too. Least privilege is the default, not a setting.
delivery
Every change ships through an automated pipeline with encrypted secrets management — no credentials in code, no hand-edited production.
03 zero-downtime delivery
We deploy continuously. Each new build is brought up alongside the running one and has to pass its own health checks before it takes a single request. Only then does routing switch atomically — the old version drains while the new one serves, so updates don’t interrupt anyone mid-task.
// If a health check fails, traffic never moves and the release is held — the running version simply keeps serving.
A new version boots beside the live one, fully isolated.
It must pass its own checks before receiving any traffic.
Routing flips in a single step — no half-served requests.
The old version finishes in-flight work, then steps down.
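As an added illustration, not code from this page or the suite itself: a minimal model of the health-gated cutover described above, with Instance, Router and deploy as assumed names. It shows the two invariants the text claims: a failed health check leaves routing untouched, and at the flip the old build stops taking new requests but is only retired once its in-flight work has drained.

```python
# Added illustration, not the suite's code: Instance, Router and deploy are assumed names.
import threading

class Instance:  # one running build: a health flag plus an in-flight counter for draining
    def __init__(self, version, healthy=True):
        self.version, self.healthy = version, healthy
        self.draining, self.in_flight = False, 0
        self._cv = threading.Condition()

    def begin(self):  # called under the router lock, so it cannot race swap()
        assert not self.draining, "request routed to a draining instance"
        with self._cv:
            self.in_flight += 1

    def end(self):
        with self._cv:
            self.in_flight -= 1
            self._cv.notify_all()

    def drain(self, timeout=5.0):  # wait for in-flight work; True if fully drained
        with self._cv:
            return self._cv.wait_for(lambda: self.in_flight == 0, timeout)

class Router:  # holds the single live target; the swap is one atomic reference change
    def __init__(self, live):
        self.live, self._lock = live, threading.Lock()

    def route(self, request):
        with self._lock:  # choose the target and register the request in one step
            target = self.live
            target.begin()
        try:
            return f"{target.version}:{request}"  # the request's "work"
        finally:
            target.end()

    def swap(self, new):
        with self._lock:  # single-step flip: no request sees a half-switched router
            old, self.live = self.live, new
            old.draining = True  # from here on the old build gets no new requests
        return old

def deploy(router, candidate):
    """Health-gated cutover. Returns (switched, version now serving)."""
    if not candidate.healthy:  # the candidate's own health check fails: release held
        return False, router.live.version  # routing never moved
    old = router.swap(candidate)
    old.drain()  # old finishes in-flight work, then steps down
    return True, router.live.version
```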
04 systems architecture
Most platforms scatter a single request across a dozen network services. Ours doesn’t. Our Vertical Slice Micro-Monolith keeps each capability’s logic together and cuts the network hops between them — lower latency, a smaller failure surface, and far less that can go wrong in the gaps between services.
Each feature owns its full slice end to end, so there’s no fragile web of cross-service calls to keep alive.
Fewer hops between components means lower latency and fewer independent things that can fail mid-request.
The same architecture deploys to our European cloud, your own on-prem hardware, or a hybrid — with automatic failover and recovery built in.
// on-prem, EU cloud, or hybrid — same architecture, your choice of ground.
// request path comparison
05 frameworks we map against
Every deployment ships mapped against the frameworks that constrain your organisation. We bundle the artifacts your DPO and auditors expect — the DPIA, the SBOM, the audit-log spec and a documented exit plan.
General Data Protection Regulation
Purpose-binding, data minimisation, right-to-erasure and a DPIA scoped to your data flows — ready to inspect on day one.
EU Artificial Intelligence Act
Risk classification, transparency and human-oversight controls documented per use case, tracked as the Act phases in.
Network & Information Security Directive 2
Security-of-operations and incident-handling controls for essential and important entities, aligned to your obligations.
Digital Operational Resilience Act
ICT-risk register entries, resilience testing and a third-party exit plan for regulated financial entities.
06 data residency & sub-processors
On self-hosted deployments your data never leaves your hardware. On our European cloud it stays on EU-resident infrastructure under European jurisdiction. US frontier model APIs are optional — only for inference, and only if you choose to enable them.
Customer data — documents, files, backups, audit logs — stored and processed in the EU. Always.
Open-weight models on EU infrastructure by default; no US provider required.
Optional US frontier models (Claude, GPT, Gemini) — opt-in only, with non-retention contracts.
A documented exit plan: your data, your runtime, your keys — handed over on request.
// Full, current sub-processor register available on request.
07 responsible disclosure
We welcome reports from security researchers and treat them as a priority. Report a suspected vulnerability and we’ll acknowledge it quickly and keep you updated through to resolution — no legal threats for good-faith research.
// policies
due diligence
Whether you need a DPIA, the sub-processor register, our resilience and DR posture, or a per-control mapping against your framework, we'll send it back — and put you on a call with the people who actually run these systems. No NDA to start.