Security and privacy controls designed for fleet, energy and charging data. Access our certifications, policies, and technical safeguards.
The standards we hold and align to, giving you confidence that security isn't an afterthought.
The technical and organisational measures in place across our platform and operations.
Customer data is encrypted at rest using AES-256 and protected in transit using TLS. Database backups and sensitive records are encrypted.
Customer data is logically separated and access controlled. Personal information is only processed for defined purposes required to deliver our services.
Daily automated backups with point-in-time recovery. Restoration tested quarterly. RTO < 4 hours.
Regular automated vulnerability scans. Annual third-party penetration testing.
Hosted on AWS infrastructure with customer environments protected through network controls, monitoring, encryption and secure cloud configuration practices.
All staff complete mandatory security training on joining and annually thereafter - phishing, data handling, safe working practices.
MFA is mandatory for all staff accessing business systems, administrative tools and cloud infrastructure.
Access to systems and customer data is restricted based on job responsibilities using role-based permissions and least privilege principles. Access is reviewed regularly.
Application and infrastructure monitoring helps detect issues, investigate events and maintain platform reliability.
Charger, vehicle and energy supplier integrations use secure authentication methods with controlled access and data exchange.
Documented incident response plan. Data breaches reported to the ICO within 72 hours and affected customers without undue delay.
Code reviewed before merging, dependencies monitored for known vulnerabilities, and secrets never committed to version control.
We conduct due diligence on every sub-processor and maintain DPAs where required by UK GDPR.
| Vendor | Purpose | Data Processed | Processing Location | Safeguard |
|---|---|---|---|---|
| Amazon Web Services | Infrastructure | Customer data hosted within Rightcharge platform | UK/ EU | EU region, DPA in place |
| Google Workspace | Internal comms | Business communications and documents | UK | EU Standard Contractual Clauses |
| GoCardless | Payment collection | Billing and payment information | UK / EU | PCI-DSS Level 1, DPA in place |
| HubSpot | CRM | Customer relationship information | UK / EU | EU Standard Contractual Clauses |
| Mapbox | Map services | Charging location data | UK | Data minimisation, DPA in place |
| PostHog | Product Analytics | User identifiers and application usage data | EU | EU Standard Contractual Clauses |
| Zendesk | Customer support | Support conversations | UK / EU | EU Standard Contractual Clauses |
| Klaviyo | Transactional Email | Email address and transactional communication data | EU | EU Standard Contractual Clauses |
Download our public policies or request restricted documents for your procurement review.