Datavacy is a GDPR compliance platform — so holding your data to the highest security standards isn't just a promise. It's non-negotiable.
Built on Vercel and Railway — the same cloud platforms trusted by thousands of global businesses.
Datavacy was built for UK GDPR from day one — not retrofitted. Compliance is in our DNA.
We don't run ad pixels, third-party analytics, or marketing cookies. What you do on Datavacy stays on Datavacy.
Our Terms, Privacy Policy, Cookie Policy, and Data Processing Agreement are all professionally reviewed.
Every piece of data you store in Datavacy is protected by multiple layers of security — from the moment it leaves your browser to where it's stored in our database.
All data travelling between your browser and our servers is encrypted using TLS (HTTPS). No unencrypted connections are ever accepted. Your data cannot be intercepted in transit.
Your stored data lives in a PostgreSQL database on Railway's secure cloud infrastructure, with encrypted disk storage. Even if someone accessed the physical hardware, your data would be unreadable.
Logins are handled by Clerk — a specialist authentication provider. Passwords are never stored in plain text. Brute-force attacks are blocked automatically, and multi-factor authentication is available.
We never see, store, or touch your card details. All payments are processed entirely by Stripe — a PCI-DSS Level 1 certified provider, the highest level of payment security available.
Every organisation on Datavacy has its own isolated data space. Your compliance records, consent logs, and SAR data are never visible to other customers — full stop.
Our API is protected against automated attacks, brute-force attempts, and data scraping. Unusual access patterns are detected and blocked before they can cause harm.
We don't build our own data centres — we stand on the shoulders of enterprise-grade platforms that specialise in security, uptime, and reliability.
As a UK GDPR compliance platform, we are held to the same standards we help you meet. Here is exactly how we fulfil our legal obligations as your data processor.
Datavacy Ltd is registered with the UK Information Commissioner's Office (ICO) under registration number ZC137164, valid until April 2027. This means we are legally required to handle your data lawfully, transparently, and in accordance with UK GDPR at all times.
Transparency is part of how we operate. Here is exactly what you can expect from us when it comes to your data.
Your data belongs to you. We do not sell, rent, or share your compliance data or customer information with any third party for commercial purposes. Ever.
Unlike most SaaS tools, we run no Meta pixels, Google Analytics, or third-party advertising cookies on our app. What you do inside Datavacy is private.
We only collect what we need to run the service — your name, email, organisation details, and the compliance data you actively enter. Nothing more.
Your data is never held hostage. You can download your compliance records and data register at any time directly from your dashboard.
In the unlikely event of a security incident affecting your data, we will notify you promptly — and in accordance with our obligations under UK GDPR Article 33.
Our full list of subprocessors (Vercel, Railway, Clerk, Stripe, Resend) is documented in our Data Processing Agreement, which is available to all customers.
"We built Datavacy to help small businesses take GDPR seriously — so it would be completely at odds with our mission to cut corners on our own security. We hold ourselves to the same standard we ask of you."
— Leon Morgan, Founder, Datavacy Ltd
If you'd like more detail about our security practices or data processing, or would like to request a copy of our Data Processing Agreement, we're happy to help.