Security & Compliance Overview

Version: 2.0

Last Updated: 23rd February 2026

This document is a high-level summary of BizHub365’s security and compliance approach. It is provided for transparency and enterprise procurement due diligence. It does not form part of the contract and does not create additional obligations beyond the Terms of Service, Privacy Policy, and (where applicable) the Data Processing Addendum (DPA).


1. Scope

BizHub365 includes the web platform, APIs, and mobile applications (iOS and Android). The Service may integrate with third-party providers such as payment processors, email delivery providers, AI processing services (for financial analysis), and government interfaces (e.g. HMRC APIs) where initiated by users.


2. Security Principles

  • Least privilege: access is restricted to what is required to perform a task.
  • Defence in depth: layered controls across application, infrastructure, and operational processes.
  • Confidentiality by design: data access is limited, logged, and monitored.
  • Resilience: controls are in place to reduce the impact of outages and incidents.

3. Data Protection & Compliance Alignment

  • We align processing practices with UK GDPR and the Data Protection Act 2018, and EU GDPR where applicable.
  • We use third-party processors under contractual arrangements designed to include appropriate safeguards.
  • International transfers (if any) are handled using adequacy, SCCs, and/or UK IDTA mechanisms as applicable.

4. Technical Controls

Control Area | Summary
Encryption | Encryption in transit (TLS). Encryption at rest may be applied depending on storage layer and provider capabilities.
Access Control | Role-based access restrictions, credential protection measures, and administrative access limitations.
Logging & Monitoring | Security-relevant event logging and monitoring to detect suspicious activity and support incident investigation.
Secure Development | Change control and review practices intended to reduce regressions and security defects.
Vulnerability Management | Routine patching and dependency maintenance. Remediation prioritised based on risk and impact.

5. AI Processing Controls

Where AI-assisted features are used, financial documents may be processed via the OpenAI API strictly for the purpose of analysis, summarisation, or classification within the Service.

  • Processing is limited to user-initiated actions;
  • No banking credentials are transmitted;
  • Access is restricted to required data fields;
  • Contractual safeguards are implemented with AI providers.

6. Operational Controls

  • Incident response: processes for triage, containment, investigation, and remediation.
  • Access management: onboarding/offboarding controls for authorised personnel.
  • Vendor management: third-party services are assessed for suitability and contractual safeguards.

7. Backups & Business Continuity

We implement measures designed to support availability and recoverability. However, no system can guarantee uninterrupted service or complete recoverability in all circumstances. Customers remain responsible for maintaining independent backups of their critical records and statutory documentation.

Important: This overview is not a guarantee of availability, retention, or recovery. Contractual terms and limitations remain governed by the Terms of Service.

8. HMRC / Government Integrations

Where users initiate HMRC-related actions, the Service may transmit data to HMRC APIs. Submissions depend on external systems and network connectivity. Status indicators shown within the Service are informational and may not reflect final acceptance by HMRC. Users must verify submission acceptance and compliance with statutory deadlines.


9. Data Minimisation

We seek to collect and process only data reasonably required to provide the Service. We do not sell personal data and we do not use third-party advertising or behavioural tracking as part of the Service.


10. Reporting Security Issues

If you believe you have discovered a security vulnerability, please report it via: https://bizhub365.com/support

Please do not publicly disclose vulnerabilities until we have had a reasonable opportunity to investigate and remediate.


11. Contact

Security and compliance enquiries: https://bizhub365.com/support