Your data belongs to you. We just look after it.
Security isn't a feature — it's the foundation. Here's how we protect your driving school's data at every layer.
UK data residency
All data is stored in London (AWS eu-west-2) via Neon. Nothing leaves the UK. Cloudflare provides DNS, DDoS protection, and a Web Application Firewall in front of every request.
Database-level isolation
Every row in the DSM database is tenant-isolated with Postgres Row-Level Security. Database triggers prevent cross-tenant writes even with compromised credentials. No tenant can ever see another tenant's data — the database itself enforces it.
Application security
Session cookies use the __Host- prefix (Secure, HttpOnly, SameSite=Strict). Multi-factor authentication on all admin and instructor accounts. PII is redacted from error logs before they leave the server. All API inputs are validated with Zod schemas.
Compliance
Cyber Essentials certified. ICO registered under UK GDPR. Penetration tested before public launch. We maintain a publicly-accessible security.txt file at /.well-known/security.txt with our vulnerability disclosure policy.
Operational security
Quarterly backup restore drills. Incident response plan. Audit logs on every sensitive action — who did what, when, from which IP. You can request your audit log at any time.
Transparency
We publish our platform status at /status. We report incidents publicly. Your data is yours — export it as CSV and leave whenever you want. We'll delete your data within 30 days of your request.
Trust badges
Questions about security?
We're happy to talk through our architecture in detail. No marketing fluff — just the technical reality.
Ask us anything