Threatwhere is relied upon in hostile environments where the confidentiality and integrity of information cannot be compromised. We protect the data you entrust to us to the same standard as the intelligence we deliver.
UK & EU
Data residency
In transit & at rest
Always encrypted
Per organisation
Strict isolation
Never sold
Never used to train AI
The same standard of protection we apply to the intelligence we deliver — applied to the data you entrust to us.
All data is encrypted both in transit and at rest. Information travels only over hardened, secured connections, and is encrypted before it is stored. Your data is never transmitted or held in the clear.
Every organisation operates within its own strictly segregated environment, isolated at the data and application layer. One customer's information can never be reached by another, and your operational data is kept entirely separate from our intelligence holdings.
Internal access is gated by short-lived, cryptographically signed credentials, scoped to a single resource and revocable instantly. Every interface that handles data requires authentication — there are no unauthenticated entry points.
A comprehensive audit trail records who accessed what, when, and from where — down to individual records. Audit logs are available to your administrators and can be exported for compliance reporting and independent review.
All customer data is stored within the United Kingdom and European Union. A limited set of vetted sub-processors — used for specialised AI processing and payment handling — may process data outside this region under appropriate contractual and technical safeguards.
The complete sub-processor list and the protections that apply are set out in our Data Processing Agreement, available to every customer on request.
Request a DPAYou own your data. We never sell it, and we do not use your operational data to train AI models. We collect only what the platform needs to function, and we honour data subject rights in line with EU GDPR and UK GDPR.
A Data Processing Agreement is available to every customer on request.
When you use Threatwhere's AI capabilities, everything involved — the questions you ask, the context drawn from your own data to answer them, and the responses you receive — is treated as your confidential data. It is stored within your organisation's isolated environment in the UK and EU, accessible only to your authorised users, and never pooled with, compared against, or exposed to any other customer.
We do not use your AI interactions to train AI models. Where producing a response requires a specialist AI provider, only the content necessary for that request is sent, under binding confidentiality terms, and is not retained by that provider to train its models.
Engineered to stay available when it matters most.
Enterprise-grade denial-of-service mitigation protects the platform at the network edge.
The platform is monitored continuously, with automatic failover if a component fails.
Stored data is backed by point-in-time recovery, so it can be restored to any moment.
Deployments are engineered to be zero-downtime — the intelligence you depend on stays available.
Our security programme is built around the controls and principles that underpin SOC 2 and ISO 27001, and our privacy practices align with EU and UK GDPR.
Built around the controls and principles that underpin SOC 2.
Information security aligned to ISO 27001 standards and principles.
Privacy practices aligned with both EU GDPR and UK GDPR.
Clear answers to the questions our customers' security, risk, and procurement teams ask most.
For a Data Processing Agreement, security documentation, or to complete a security questionnaire, contact our security team and we will provide everything your risk and compliance teams need.