Security

Security at Checkio.

Verification infrastructure handles sensitive data. We treat security as a core product requirement, not an afterthought.

Encryption

All data encrypted in transit (TLS 1.3) and at rest (AES-256). API keys hashed, never stored in plaintext.

Infrastructure

ISO 27001-certified hosting within UK and EEA. Regular penetration testing and vulnerability assessments.

Access control

Role-based access across the platform. MFA available for all accounts. Audit logging on all API activity.

Monitoring

24/7 infrastructure monitoring with automated alerting. Defined SLAs for incident response.

Key management

API keys are scoped, rotatable, and environment-separated. Granular permissions per service.

Compliance

GDPR and UK DPA compliant. Data processing agreements available. Regular third-party audits.

Cyber Essentials certified

Checkio is certified under Cyber Essentials, the UK government-backed scheme that verifies protection against the most common cyber attacks. Our certification is independently verified and can be checked on the official registry via the badge.

Responsible disclosure

If you discover a security vulnerability in Checkio, please report it responsibly to security@checkio.co.uk. We take all reports seriously and will respond within 48 hours.