Security & Trust

Designed for firms handling sensitive financial data

EnquiryLabs is built with the information security requirements of FCA-regulated businesses in mind. Your customer data, application information and financial records are handled with the operational rigour that regulated environments demand.

Secure by design

Security is not an afterthought in EnquiryLabs — it's built into the platform architecture from the ground up, with encryption, access controls and audit logging at the core.

Built for regulated businesses

EnquiryLabs is used by FCA-regulated vehicle finance brokers and dealers who are accountable for how customer data is handled. We take that responsibility seriously.

UK-hosted & compliant

Data is stored in UK and EU data centres. Our approach to data protection is aligned with UK GDPR and designed for use in financial services environments.

Security Controls

What we do to protect your data

A breakdown of the specific security controls and practices we apply to the EnquiryLabs platform and your data.

Infrastructure & Data Security

  • All data encrypted in transit using TLS 1.2+
  • Data encrypted at rest using AES-256
  • Hosted on enterprise cloud infrastructure with high availability
  • Regular automated backups with tested recovery procedures
  • Infrastructure security monitoring and alerting
  • Dependency and vulnerability scanning as part of deployment

Access Control & Authentication

  • Role-based access control — configurable per user and team
  • Mandatory multi-factor authentication (MFA) for all users
  • Session timeout and re-authentication controls
  • IP-based access restrictions available on request
  • Password strength enforcement and secure credential storage
  • Single Sign-On (SSO) support available for enterprise accounts

Audit Logging & Accountability

  • Full audit log of all user actions within the platform
  • Log retention aligned with FCA record-keeping expectations
  • Immutable audit trail for deal and customer record changes
  • Admin visibility over team activity and access events
  • Exportable audit logs for compliance and regulatory purposes
  • Alerts for unusual access patterns or anomalous activity

Data Protection & Privacy

  • UK GDPR compliant data processing practices
  • Data processing agreement (DPA) available on request
  • Customer data stored in UK / EU data centres
  • Data subject request handling support for your customers
  • Clear data retention policies and deletion mechanisms
  • No sale or sharing of your customer data with third parties

Operational Security

  • Secure development lifecycle (SDL) practices followed
  • Code review and security testing for all releases
  • Principle of least privilege applied across internal systems
  • Documented incident response procedures
  • Security responsibility assigned within the engineering team
  • Supplier and third-party security assessments

Business Continuity

  • Platform designed for 99.9%+ uptime availability
  • Documented disaster recovery and business continuity plans
  • Multi-region failover capability
  • Automated database replication and point-in-time recovery
  • Scheduled maintenance with advance notice to customers
  • Status page and incident communication for service events

Security Framework

ISO 27001–aligned information security

Our information security management approach is aligned with the principles of ISO 27001 — the international standard for information security management systems. This means we apply a structured, risk-based approach to protecting your data.

This includes formal policies and procedures covering risk assessment and treatment, access control, asset management, incident management, business continuity and operational security.

Note: EnquiryLabs does not currently hold formal ISO 27001 certification. Our practices are aligned with ISO 27001 principles as part of our ongoing commitment to operational security.

ISO 27001 control areas covered

  • Information security policies
  • Access control management
  • Cryptography and encryption
  • Operations security controls
  • Incident management and response
  • Business continuity planning
  • Supplier and third-party security

Security questions before you commit?

We're happy to share our security documentation, answer your compliance team's questions or arrange a technical security review. Talk to us.