Security and trust at the core of everything
We take the security of your data seriously. This page provides transparency
into our security practices, compliance posture, and data handling policies.
ISO 27001
We use the Gridjet data centre, which follows ISO 27001 practices
GDPR Compliant
Full compliance with EU and UK data protection regulations
UK Hosted
Data stored exclusively in UK data centres
Our Commitment
At Cliqo, security isn't an afterthought — it's foundational to everything we build. As a Microsoft Partner building on Dynamics 365 Business Central, we inherit Microsoft's enterprise-grade security infrastructure while adding our own layers of protection.
We are committed to maintaining the highest standards of data protection and are continuously improving our security posture to stay ahead of evolving threats.
Security at a Glance
- All communication secured using TLS 1.2+ (HTTPS)
- OAuth 2.0 authentication via Microsoft Entra ID
- Role-based access control (RBAC) at every level
- API rate limiting
- GDPR compliant with UK data residency
Security Practices
Comprehensive security measures to protect your data at every layer.
Authentication
Authentication uses OAuth 2.0 via Microsoft Entra ID, JWT bearer tokens and MFA.
Secure Data Handling
All communication secured using TLS 1.2+ (HTTPS).
Access Control
Role-based access control (RBAC) ensures users only access data and functions relevant to their role.
API Rate Limiting
API rate limiting helps prevent brute-force attacks.
Integration
Integrations are built following Microsoft’s best‑practice standards and delivered through secure Azure app registrations.
Data Backup
Automated backups and hourly point-in-time restore capabilities.
Application Security
- Audit logs capture and monitor key events to support security, compliance, and operational oversight.
- Code reviews and static analysis on all changes.
- Regular dependency updates and security patching.
Privacy & GDPR Compliance
Your data protection rights are at the heart of our privacy practices.
Data Processing
We process data only as instructed by our customers. Clear data processing agreements (DPAs) are in place for all clients.
- Lawful basis for all processing activities
- Data minimisation principles applied
- Purpose limitation enforced
- Transparent processing records maintained
Your Rights
We fully support data subject rights under GDPR and UK data protection law.
- Right of access to your data
- Right to rectification and erasure
- Right to data portability
- Right to object to processing
Data Residency
- JetGrid data centre in Leeds, UK
- No data transfers outside UK/EU without consent
Infrastructure & Availability
Enterprise-grade infrastructure
Architecture Highlights
- Multi-tenant architecture with strict data isolation
- Auto-scaling compute resources based on demand
Business Continuity
Our business continuity plan ensures minimal disruption in the event of an incident.
Compliance & Certifications
Our commitment to meeting and exceeding regulatory requirements.
ISO 27001
The Gridjet data centres are currently aligned with ISO 27001 practices.
GDPR
Full compliance with the EU General Data Protection Regulation and the UK Data Protection Act 2018.
Request Documentation
- Security questionnaire responses available on request
- Data Processing Agreement (DPA) provided during onboarding
- Contact info@cliqo.co.uk for documentation requests
Sub-processors
Third-party services that process data on our behalf.
| Provider | Purpose | Location | Data Processed |
|---|---|---|---|
| Gridjet Data Centre | Cloud infrastructure & hosting | UK | All application data |
| Microsoft Entra ID | Authentication & identity | UK | User credentials & tokens |
| Azure Apps | Integration | UK | Secure integration with Business Central |
Change Notifications
We notify customers at least 30 days before adding or changing sub-processors. Subscribe to updates by contacting info@cliqo.co.uk.
Have security questions?
Our security team is available to discuss your specific requirements.