Skip to main content
Trust Center

Security & Compliance

Transparency for procurement teams, enterprise customers, and compliance officers. Everything you need to assess SummitBridge Horizon as a data processor.

Security Controls

Data Encryption

AES-256 at rest · TLS 1.3 in transit

Infrastructure

Hostinger (Almanya, EU) · ISO 27001 certified DC

Data Residency

EU & UK — no third-country transfers without SCCs

Authentication

TOTP MFA available · bcrypt password hashing

Backup

Daily encrypted backups · 30-day retention

Incident Response

72h ICO notification · NIS2-aligned IR plan

Compliance Status

UK GDPR

ICO registered · Privacy notice current

Compliant

ICO Registration

Data controller registration active — ico.org.uk

ZC112810

UK GDPR Art. 28 DPAs

All processors covered by signed DPAs

In place

Cookie Compliance

PECR-aligned consent management

Compliant

Companies House

Co. No. 16419201 · Confirmation statement current

Up to date

PCI DSS

No card data stored — Stripe handles all payments

N/A

Frequently Asked Questions

Where is my data stored?

All customer data is stored on Hostinger infrastructure located in Frankfurt, Germany (EU). We do not transfer personal data outside the UK/EU without appropriate safeguards.

Who has access to customer data?

Only authorised SummitBridge Horizon personnel with a documented business need. All access is logged. We do not sell data to third parties under any circumstances.

How do you handle a data breach?

We follow our documented Incident Response Plan. Affected customers are notified within 72 hours. Where required, the ICO is also notified within the statutory 72-hour window.

Can I get a Data Processing Agreement (DPA)?

Yes. If you are a controller using SummitBridge services, a compliant GDPR Art. 28 DPA is available on request. Contact [email protected].

Do you conduct penetration testing?

Yes. Annual penetration testing is conducted by a CREST-accredited provider. An executive summary of the most recent test results is available to enterprise customers under NDA.

What subprocessors do you use?

Key subprocessors: Stripe (payments, US — SCCs in place), Resend (email delivery, EU), Hostinger (infrastructure, EU), Anthropic (AI features, US — data minimised, no training on customer data).

Need More Information?

For security questionnaires, DPA requests, penetration test summaries, or vendor due diligence enquiries:

SummitBridge Horizon Ltd · Co. No. 16419201 · ICO Reg: ZC112810 · 71-75 Shelton St, London WC2H 9JQ

Data processed in: UK (Hostinger London) + EU (Hostinger Germany) · Payments: Stripe (PCI DSS) · AI: Anthropic (SCCs applied)