Security
Security at Checkio.
Verification infrastructure handles sensitive data. We treat security as a core product requirement, not an afterthought.
Encryption
All data encrypted in transit (TLS 1.3) and at rest (AES-256). API keys hashed, never stored in plaintext.
Infrastructure
ISO 27001-certified hosting within UK and EEA. Regular penetration testing and vulnerability assessments.
Access control
Role-based access across the platform. MFA available for all accounts. Audit logging on all API activity.
Monitoring
24/7 infrastructure monitoring with automated alerting. Defined SLAs for incident response.
Key management
API keys are scoped, rotatable, and environment-separated. Granular permissions per service.
Compliance
GDPR and UK DPA compliant. Data processing agreements available. Regular third-party audits.
Cyber Essentials certified
Checkio is certified under Cyber Essentials, the UK government-backed scheme that verifies protection against the most common cyber attacks. Our certification is independently verified and can be checked on the official registry via the badge.
Responsible disclosure
If you discover a security vulnerability in Checkio, please report it responsibly to security@checkio.co.uk. We take all reports seriously and will respond within 48 hours.