Security & data protection
Literate is built EU-resident, pseudonym-first, and designed for IT and security teams to approve quickly.
EU region only: Vercel EU edge, Postgres in EU jurisdiction, Cloudflare R2 EU bucket.
SSO mode stores no staff PII — only pseudonyms derived via HMAC of the IdP sub claim.
TLS 1.3 in transit, AES-256 at rest. Database backups encrypted, EU region, 30-day retention.
Publicly listed with locations and SCCs where applicable.
Cyber Essentials Plus (in progress), ISO 27001 (planned), SOC 2 (planned).
72-hour customer notification commitment per UK GDPR Article 33.
Annual third-party testing scheduled post-launch.
Reports to security@literate.eu acknowledged within 24h.
DRAFT — this page is illustrative of what the live site will publish. Replace placeholders before launch.