Security

Certifications & Compliance

Infrastructure Security

Our infrastructure is designed with security at every layer:

• Encryption in transit: All API traffic is encrypted using TLS 1.3
• Encryption at rest: All stored data is encrypted using AES-256
• Network security: Firewalls, intrusion detection, and DDoS protection
• Access controls: Role-based access with multi-factor authentication
• Logging & monitoring: Comprehensive audit logs and real-time alerting

Application Security

• Secure development: Security-first development practices and code reviews
• Dependency management: Automated vulnerability scanning of dependencies
• Penetration testing: Regular third-party security assessments
• API authentication: Secure API key management with rate limiting

Data Handling

We are a data provider, not a data collector. The planning data we provide is sourced from publicly available local authority records. We do not:

• Collect personal data from end users
• Store sensitive financial information
• Share customer data with third parties
• Use tracking or advertising technologies

Business Continuity

• Redundancy: Multi-region infrastructure with automatic failover
• Backups: Daily encrypted backups with point-in-time recovery
• Disaster recovery: Documented procedures with regular testing
• Uptime SLA: 99.9% availability commitment

Incident Response

We maintain a documented incident response plan that includes:

• 24/7 monitoring and alerting
• Defined escalation procedures
• Customer notification within 72 hours for data breaches
• Post-incident analysis and remediation

Responsible Disclosure

We welcome security researchers to report vulnerabilities responsibly. If you discover a security issue, please email security@planningapi.uk. We commit to:

• Acknowledge receipt within 24 hours
• Provide regular updates on remediation progress
• Not pursue legal action against good-faith researchers

Contact

For security enquiries or to request our security documentation:

Email: security@planningapi.uk