● End-to-End Data Encryption. All sensitive data is encrypted in transit using TLS 1.2+ and at rest using AES-256. For additional protection, application-level encryption is applied to critical fields.
● Secure Data Transmission. All data transmitted over public networks is encrypted using industry-standard protocols to prevent interception and unauthorized access.
Secure Authentication and Access Control
● Single Sign-On (SSO) Support. BeSavvy supports secure SSO authentication via Google and Microsoft Entra (Azure), reducing the risk of credential-based attacks and ensuring seamless access management.
● Multi-Factor Authentication (MFA). We enforce MFA for employees and authorized users accessing sensitive systems to prevent unauthorized access.
● Role-Based Access Control (RBAC). Access to platform resources is restricted based on user roles (Admin, Course Author, Mentor) with granular permission levels (Edit, Comment).
● Session and Token Security. We use secure session management, including token expiration policies and refresh token rotation, to minimize security risks.
Privacy Protection & Compliance
● Data Minimization Approach. We collect and process only the data necessary for platform functionality, ensuring users' privacy is respected.
● GDPR & UK GDPR Compliance. Our data protection policies align with GDPR principles, including user rights to access, modify, and delete their data.
● Regular Compliance Audits. We conduct internal audits and gap analyses to ensure ongoing adherence to privacy regulations.
● Data Processing Agreement (DPA). A DPA is available for all enterprise clients. Contact [email protected] to request a copy.
AI & Third-Party Data Handling
● No AI Training on Client Data. Your data is never used to train AI models — by BeSavvy or any of our AI providers. Client data is used solely to deliver the agreed service.
● Transparent Sub-Processor List. BeSavvy uses a limited set of vetted sub-processors (including Anthropic for AI inference and AWS for hosting). None of our sub-processors interface with personally identifiable information beyond what is strictly necessary.
● AI Provider Data Agreements. All AI providers used by BeSavvy operate under data processing terms that prohibit use of submitted data for model training.
● No Access to Client Internal Systems. BeSavvy does not integrate with your CRM, internal databases, or any systems holding employee or customer personal information.
Regular Security Audits & Testing
● Signed Data Breach Response Plan. BeSavvy has officially approved and implemented a Data Breach Response Plan, outlining clear procedures for incident detection, response, and regulatory reporting — including ICO notification within 72 hours where required under UK GDPR.
● Routine Vulnerability Assessments. BeSavvy conducts periodic security audits, penetration testing, and code reviews to identify and mitigate vulnerabilities.
● Automated Threat Detection. Continuous security monitoring helps us detect and respond to unusual activity in real time.
Data Backup and Disaster Recovery
● Automated, Encrypted Backups. We maintain regular automated backups stored securely with AES-256 encryption to prevent data loss.
● Disaster Recovery Plan (DRP). A documented response strategy ensures quick data restoration and business continuity in case of incidents.
● Redundancy & Failover Systems. We deploy failover mechanisms to prevent downtime and ensure high availability of services.
User Control & Transparency
● User Account & Data Management. Users have full control over their accounts, including access to data deletion and modification options.
◐ Privacy Dashboard (Upcoming). We are developing user dashboards to allow better control over data visibility and preferences.
● Transparent Privacy & Terms. Our Privacy Policy and Terms of Service clearly outline data collection, usage, and security practices.
Compliance with Industry Standards
● UK Cyber Essentials Certified. BeSavvy holds active UK Cyber Essentials certification, independently verified against the government-backed cybersecurity standard. Contact us for certificate details.
◐ SOC 2 Controls Implemented. Although BeSavvy has not yet completed a formal SOC 2 audit, all five Trust Service Criteria — Security, Availability, Processing Integrity, Confidentiality, and Privacy — are addressed by controls already in place across our infrastructure, access management, and data handling practices. Formal SOC 2 Type II certification is on our roadmap.
◐ Security Framework Alignment. Our security measures are designed in line with ISO 27001 and NIST CSF best practices, covering risk management, access control, incident response, and continuous monitoring.
◐ ISO 27001 Roadmap. We are working toward ISO 27001 certification as the next milestone in our compliance programme.
Commitment to Ongoing Improvement
● Adaptive Security Strategies. BeSavvy evolves its security measures in response to emerging cyber threats and industry advancements.
● Continuous Security Enhancements. We implement improvements based on the latest research, best practices, and regulatory changes.