Security Policy

This Security Policy describes the measures Enthron AI Ltd. ("Enthron", "we", "us", or "our") has in place to protect the confidentiality, integrity, and availability of customer data and the infrastructure that powers our Services.

This policy applies to all systems, services, and personnel involved in the delivery of the Enthron platform, including our website at enthron.ai, APIs, and related products. It is reviewed at least annually, or following any material change to our security posture.

Security is a core concern at Enthron. We process trade compliance data on behalf of importers, exporters, and customs brokers — data that may include commercially sensitive product information, transaction records, and counterparty details. We take our responsibility to protect that data seriously.

Our security programme is built on the principles of least privilege, defence in depth, and continuous improvement. We communicate openly with customers about how their data is protected and what to expect if an incident occurs.

Enthron's infrastructure is hosted on leading cloud providers operating data centres within the United Kingdom and the European Economic Area. We apply appropriate technical and organisational controls across our infrastructure, application layer, and internal processes.

Security is integrated into our software development lifecycle. Access to production systems and customer data is tightly controlled, logged, and reviewed on a regular basis. We assess the security posture of third-party services before integrating them into our platform, and we enter into appropriate contractual arrangements with any sub-processors handling personal data.

All employees receive security awareness training and are subject to confidentiality obligations as a condition of engagement.

All customer data is encrypted both in transit and at rest using industry-standard methods. Encryption keys are managed securely and rotated on a defined schedule.

Automated backups are performed at regular intervals. Backup integrity is verified periodically, and we maintain defined recovery objectives for the platform and its critical components. Critical infrastructure is deployed with redundancy to reduce the risk of single points of failure.

We maintain a documented incident response plan covering detection, containment, investigation, and remediation of security events. In the event of a confirmed breach affecting customer data, affected customers will be notified without undue delay and in accordance with our obligations under UK GDPR.

Significant security incidents result in a post-incident review, the findings of which are used to improve our controls and prevent recurrence.

We welcome reports from security researchers and the wider community regarding potential vulnerabilities in our platform. If you have discovered something you believe represents a security risk, we ask that you:

• Report the issue promptly by emailing contact@enthron.ai.
• Provide sufficient detail to allow us to reproduce and assess the issue — including steps to reproduce, affected components, and potential impact.
• Allow us reasonable time to investigate and remediate before any public disclosure.
• Avoid accessing, modifying, or deleting data that does not belong to you during your research.
• Act in good faith and refrain from using vulnerabilities to cause disruption or harm.

We commit to acknowledging valid reports promptly, keeping you informed of our progress, and not pursuing legal action against researchers who act in good faith within these guidelines.

For security-related enquiries, vulnerability reports, or questions about this policy, please contact us: