Last Updated: 01/02/2026
Security
Your trust is our highest priority. At Perkstar, we are dedicated to providing a secure and reliable platform that protects your business and customer data. Our comprehensive security practices ensure your information is safe at every step.
Our Security Commitment
We employ a multi-layered approach to security, integrating the latest technologies and best practices to safeguard your data. This includes continuous monitoring, advanced encryption, and rigorous compliance with industry standards.
Key Security Measures
Data Encryption
In Transit: All data exchanged between you and our platform is encrypted using TLS 1.3 (Transport Layer Security), ensuring sensitive information is protected during transmission.
At Rest: All stored data, including databases and backups, is encrypted using AES-256 encryption to prevent unauthorised access.
Secure Infrastructure
Our platform is hosted on DigitalOcean, a trusted cloud infrastructure provider that maintains ISO 27001, ISO 27017, ISO 27018, and SOC 2 Type II certifications across all data centres.
Customer data is stored in certified data centres located in the United Kingdom, European Union, and United States. Data centre assignment is automatic based on your registered business location, ensuring optimal performance and compliance with local data protection regulations. UK and EU customer data always remains within UK/EU jurisdictions.
For full details on our data hosting locations and regional assignments, see our Data Hosting Policy.
Identity and Access Management
Role-Based Access Control (RBAC): Access to sensitive data and systems is restricted based on user roles and responsibilities.
Multi-Factor Authentication (MFA): Users can add an additional layer of protection with MFA to prevent unauthorised access.
Administrative Access: Internal access to customer data is limited to authorised Perkstar personnel, requires multi-factor authentication, and is subject to activity logging and regular access reviews.
Monitoring and Testing
Continuous Monitoring: Our systems are automatically monitored for potential security threats and anomalies.
Vulnerability Assessments: Regular penetration testing and vulnerability scans are conducted to identify and address weaknesses.
Incident Response Plan: We have a robust incident response plan to handle security events swiftly and effectively.
Compliance and Standards
We adhere to global security and data protection standards, including:
UK GDPR and Data Protection Act 2018: For the protection and privacy of personal data within the United Kingdom.
EU General Data Protection Regulation (GDPR): For the protection and privacy of personal data within the European Union.
Infrastructure Certifications: Our hosting provider maintains ISO 27001, ISO 27017, ISO 27018, SOC 2 Type II, and PCI DSS Level 1 certifications.
Secure Payments
All payment transactions are processed through Stripe, a PCI DSS Level 1 certified payment provider. Perkstar does not store, process, or have access to your full payment card details at any point.
Secure Development Practices
Code Reviews: All code is reviewed and tested to ensure security is built into our platform from the ground up.
Automated Security Testing: Tools are used to scan for vulnerabilities in real time during development.
How You Can Protect Your Account
While we implement extensive security measures, your actions also play a crucial role in safeguarding your data.
Use Strong Passwords: Create a unique password for your account and avoid reusing passwords across multiple platforms.
Enable Two-Factor Authentication (2FA): Protect your account with an additional layer of security.
Monitor Account Activity: Regularly check your account activity and report any unauthorised access.
Be Cautious: Do not share your credentials with anyone, and verify emails or messages claiming to be from Perkstar.
Our Approach to Incident Response
In the event of a security incident, our dedicated team will:
Identify and Contain Threats: Immediate action is taken to isolate and neutralise risks.
Investigate the Issue: A detailed analysis is conducted to understand the cause and impact.
Notify Affected Users: Affected customers are notified without undue delay and within 72 hours in accordance with GDPR requirements.
Implement Preventive Measures: Lessons learned are used to strengthen our defences and prevent recurrence.
Frequently Asked Questions
Is my data safe with Perkstar? Yes. We use AES-256 encryption at rest, TLS 1.3 encryption in transit, strict role-based access controls, and host on ISO 27001-certified infrastructure to ensure your data is secure.
Where is my data stored? Customer data is stored in DigitalOcean data centres in the UK, EU, or US, depending on your registered business location. UK and EU customer data always remains within UK/EU jurisdictions. See our Data Hosting Policy for full details.
Can I export my data? Yes. You can export your customer data at any time through your account settings. If your account is terminated, you have 30 days to retrieve your data before it is deleted.
How does Perkstar protect payment information? All payments are processed securely through Stripe, a PCI DSS Level 1 certified provider. Perkstar never stores or has access to your full card details.
Do you use sub-processors? Yes. A current list of sub-processors is maintained at perkstar.co.uk/sub-processors. We ensure all sub-processors meet our security and data protection standards.
Has Perkstar had any security breaches? As of February 2026, Perkstar has not experienced any security breaches. We continuously monitor and improve our security posture to keep it that way.
Transparency and Reporting
We believe in maintaining transparency about our security practices. If you have questions, concerns, or wish to report a vulnerability, please contact our security team:
Email: legal@perkstar.co.uk
Address: Perkstar Ltd, 86-90 Paul Street, 3rd Floor, London, EC2A 4NE