Trust & security
e20 handles safety-critical data for organisations across construction, utilities, housing, and more. We take that seriously. Here’s how we protect your data and your teams.
Organisational security
Eighty20 Risk Systems holds Cyber Essentials Plus certification, independently assessed and renewed annually. This covers our organisation, devices, and internal processes.
We enforce least-privilege access internally. The group of team members who can reach production data is small, named, and audited.
Infrastructure
e20 runs on enterprise-grade cloud infrastructure from a major hyperscale provider, with encryption in transit and at rest across compute, storage, and authentication services. Our edge layer provides DDoS mitigation, bot management, and web application firewall protections as standard.
Identity and authentication are handled by managed cloud identity services, not a homegrown auth stack.
All environments are separated. Development, staging, and production never share resources or credentials.
Application security
The e20 platform enforces role-based access controls at every level. Permissions are granular: you decide who sees what, down to individual forms, dashboards, and document libraries.
Sessions are managed with industry-standard token handling. Authentication supports your existing workflows, and all access is logged.
We conduct regular security assessments of the platform, including independent testing of our API surface. Identified issues are triaged and resolved on a risk-based schedule.
Supply chain
We actively manage our software supply chain. Third-party dependencies are vetted, version-pinned, and subject to minimum age policies before adoption. We monitor for known vulnerabilities and act on advisories promptly.
Data ownership
Your data is yours.
- Export anytime via REST API or CSV download. No lock-in, no exit fees.
- Retention is under your control. You decide what stays and what goes.
- We don’t sell, share, or mine your data. It exists to serve your teams, not ours.
Availability
e20 is designed for field teams who need it to work. The platform is built for high availability with redundancy across services. The mobile app includes offline capability. Assessments sync automatically when connectivity returns.
Data protection
Eighty20 Risk Systems complies with UK GDPR and the Data Protection Act 2018. We process personal data only as necessary to deliver the platform and support your teams.
We maintain a record of processing activities, conduct data protection impact assessments where appropriate, and have data processing agreements in place with our sub-processors.
Our designated Data Protection Officer can be reached at dpo@eighty20risk.com.
Questions
If your procurement or IT security team needs more detail, we’re happy to talk. We can provide additional information under NDA where appropriate.
Contact: dpo@eighty20risk.com