— Security & Trust

Your data is safe with Rightcharge

Security and privacy controls designed for fleet, energy and charging data. Access our certifications, policies, and technical safeguards.

Cyber Essentials PlusCertified
GDPRAligned
AWS HostedUK/EU Infrastructure
EncrpytionAt rest and in transit
Trust centre last reviewed June 2026. We review our security posture quarterly.

Certifications & frameworks.

The standards we hold and align to, giving you confidence that security isn't an afterthought.

🛡️
Cyber Essentials Plus
Independently assessed security controls covering devices, access management, malware protection and vulnerability management.
Certified
🇪🇺
UK GDPR
We process personal data in line with UK and EU GDPR requirements, supported by Data Processing Agreements, controlled subprocessors, and documented retention practices.
Aligned
📋
Security Governance
Rightcharge maintains documented security policies, internal controls, and operational processes to protect customer data.
Available on Request
ISO 27001 Roadmap
Rightcharge is working towards ISO 27001 certification as part of our ongoing commitment to strengthening our information security management practices as we scale.
Practices Aligned

How we protect your data.

The technical and organisational measures in place across our platform and operations.

🔐

Encryption at Rest & in Transit

Customer data is encrypted at rest using AES-256 and protected in transit using TLS. Database backups and sensitive records are encrypted.

👤

Data Privacy & Isolation

Customer data is logically separated and access controlled. Personal information is only processed for defined purposes required to deliver our services.

🔄

Backups & Recovery

Daily automated backups with point-in-time recovery. Restoration tested quarterly. RTO < 4 hours.

🛡️

Vulnerability Management

Regular automated vulnerability scans. Annual third-party penetration testing.

☁️

Cloud Infrastructure

Hosted on AWS infrastructure with customer environments protected through network controls, monitoring, encryption and secure cloud configuration practices.

🎓

Security Awareness Training

All staff complete mandatory security training on joining and annually thereafter - phishing, data handling, safe working practices.

🔑

Multi-Factor Authentication

MFA is mandatory for all staff accessing business systems, administrative tools and cloud infrastructure.

👤

Role-Based Access Control

Access to systems and customer data is restricted based on job responsibilities using role-based permissions and least privilege principles. Access is reviewed regularly.

☁️

Monitoring & Logging

Application and infrastructure monitoring helps detect issues, investigate events and maintain platform reliability.

☁️

Secure Integrations

Charger, vehicle and energy supplier integrations use secure authentication methods with controlled access and data exchange.

📋

Incident Response

Documented incident response plan. Data breaches reported to the ICO within 72 hours and affected customers without undue delay.

📦

Secure Development Lifecycle

Code reviewed before merging, dependencies monitored for known vulnerabilities, and secrets never committed to version control.

Third-party vendors we use.

We conduct due diligence on every sub-processor and maintain DPAs where required by UK GDPR.

VendorPurposeData ProcessedProcessing LocationSafeguard
Amazon Web ServicesInfrastructureCustomer data hosted within Rightcharge platformUK/ EUEU region, DPA in place
Google WorkspaceInternal commsBusiness communications and documentsUKEU Standard Contractual Clauses
GoCardlessPayment collectionBilling and payment informationUK / EUPCI-DSS Level 1, DPA in place
HubSpotCRMCustomer relationship informationUK / EUEU Standard Contractual Clauses
MapboxMap servicesCharging location dataUKData minimisation, DPA in place
PostHogProduct AnalyticsUser identifiers and application usage dataEUEU Standard Contractual Clauses
ZendeskCustomer supportSupport conversationsUK / EUEU Standard Contractual Clauses
KlaviyoTransactional EmailEmail address and transactional communication dataEUEU Standard Contractual Clauses

Policies & documentation.

Download our public policies or request restricted documents for your procurement review.

📄 Public Document
Security Overview
We maintain a security and privacy programme designed to support compliance with applicable data protection requirements, including UK GDPR and the Data Protection Act 2018.
Updated January 2026
View Policy ↗
🛡️Certification
Cyber Essentials Plus Certification
We are Cyber Essentials Plus certified, demonstrating independently verified technical security controls across our systems, infrastructure and operations.
Updated November 2025
View Certificate ↗
📄 Public Document
Privacy Policy
How we collect, use, and protect personal data in line with UK GDPR and the Data Protection Act 2018.
Updated June 2025
View Policy ↗
📄 Public Document
Terms of Service
The legal terms governing use of the Rightcharge platform and services.
Updated May 2026
View Terms ↗
📄 Public Document
Data Protection Policy
Learn how we protect personal data through privacy-by-design practices, secure processing, retention controls, and GDPR-aligned procedures.
Updated on October 2025
View Policy ↗
🔒 On Request
Data Retention Policy
How long we retain customer, driver and charging data, including deletion and lifecycle controls.
Available on request
🔒 On Request
Information Security Policy
We maintain a documented information security programme covering access management, data protection, supplier security, incident response and operational controls.
Available on request
🔒 On Request
Vulnerability Assessment Summary
Executive summary of third-party vulnerability assessments, including scope, findings overview and remediation status.
Available under NDA
🔒 On Request
Business Continuity Plan
Our approach to maintaining operations and recovering from incidents, including RTOs and RPOs.
Available on request