Last Updated: May 4, 2026
Tigris Systems Ltd (“Tigris”) is committed to protecting the security, confidentiality, and integrity of Customer Data and the Services. This policy describes the technical and organisational measures we implement.
The Tigris platform is hosted on cloud infrastructure provided by established, enterprise-grade providers. Our hosting environments are located within data centres that maintain industry-standard physical security controls, including access restrictions, surveillance, and environmental protections.
All data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256 or equivalent encryption standards. Encryption keys are managed using the key management services provided by our cloud infrastructure provider.
Access to the Services and Customer Data is restricted on a need-to-know basis. We implement role-based access controls (RBAC) for all internal systems. Administrative access to production systems requires multi-factor authentication (MFA). Access permissions are reviewed regularly and revoked promptly when no longer required.
We follow secure software development practices. Code changes are reviewed before deployment. Dependencies are monitored for known vulnerabilities. We conduct periodic security assessments of our platform.
Customer Data is backed up regularly. Backups are encrypted and stored in a separate location from production systems. Recovery procedures are tested periodically to ensure data can be restored in the event of a service disruption.
Tigris maintains an incident response procedure for identifying, containing, and resolving security incidents. In the event of a personal data breach, Tigris will notify affected Customers without undue delay and in any event within 72 hours of becoming aware of the breach, as required by UK GDPR Article 33.
All Tigris personnel with access to Customer Data are bound by confidentiality obligations. Security awareness is part of our onboarding and ongoing practices.
Tigris uses third-party sub-processors to deliver parts of the Services (for example, cloud hosting and infrastructure providers). A current list of sub-processors is available on request by contacting info@tigris.systems.
Tigris is currently pursuing ISO 27001 certification and is registered with the UK Information Commissioner’s Office (ICO). This policy will be updated as certifications are achieved.
For security-related questions, contact us at info@tigris.systems.
