Trust Centre

Anomalyse is a SaaS platform for analysing industrial sensor and process data. The platform is designed to process machine-generated telemetry and operational data. It is not intended for the collection or processing of personal data or payment card data. Customer data is processed and stored in AWS in the EU, in the eu-west-1 (Ireland) region.

Security

Cloud Architecture

Our platform is hosted on AWS in a multi-account environment using managed cloud services. We use infrastructure-as-code, environment separation, centralised logging and AWS-native security controls to support consistent deployment and secure operations.

Access Control

Internal access to production systems is controlled through federated single sign-on using Google Workspace, with MFA and/or passkey authentication required. Access is individually attributable and granted on a least-privilege basis. Production and development environments are separated into distinct AWS accounts. Application service roles are granted only the permissions required for their function.

Authentication

Application authentication is provided using Amazon Cognito. Customer API access is controlled using rotatable API keys. Keys can be revoked and replaced when required and customers are encouraged to rotate them periodically.

Encryption

Data in transit is encrypted using TLS; TLS 1.2 or newer is required. Data at rest is encrypted using AWS-managed encryption for storage services, including Amazon S3 and DynamoDB.

Secure Development

All code changes require review by at least one other developer before deployment. We use automated static analysis and dependency scanning as part of the development lifecycle, including Sonar and Snyk. Application and infrastructure changes are deployed through an automated CI/CD pipeline using OIDC-based authentication to AWS.

Logging, Monitoring and Platform Security

We maintain centralised logging, metrics and alerting across our AWS organisation to support monitoring, investigation and response. Our AWS organisation is governed through centrally managed account and security controls. Baseline security logging, configuration monitoring and threat detection are enabled across all AWS accounts.

Edge Protection

Public-facing endpoints are protected by rule-based and rate-limiting firewall controls designed to mitigate common abusive and malicious automated traffic.

Data Handling

Data Categories

We process industrial sensor and operational data submitted by customers for analysis. The service is not intended for the collection or processing of personal data, and customers should not include personal data in submitted datasets unless explicitly agreed in writing.

Data Location

Customer data is processed and stored within the European Union in the eu-west-1 (Ireland) AWS region.

Multi-tenant Isolation

The platform is a multi-tenant SaaS application. Tenant data is logically isolated using tenant-specific controls in application and storage layers, including S3 object prefixes and DynamoDB partition keys. Application-layer authorisation ensures customers can only access their own tenant data.

Retention and Deletion

Customer data is retained for the duration of the customer relationship unless otherwise agreed in writing. Following termination or a valid deletion request, we delete customer data, including versioned and archived copies, within 30 days, unless law or contract requires a longer retention period. Operational and security logs are retained separately for monitoring, investigation, and audit purposes for a limited period appropriate to those functions.

Privacy and GDPR

We generally act as a data processor for customer-provided data. Because our service is designed for industrial telemetry rather than personal data, our processing activities are intended to be low-risk from a data protection perspective. Where GDPR applies, we support our customers through appropriate contractual and operational controls. Customers remain responsible for determining whether any submitted data is subject to data protection law and for ensuring they have an appropriate lawful basis for any such processing.

Subprocessors

Anomalyse relies on a limited number of service providers to operate the platform and our internal business systems, including:

  • Amazon Web Services (hosting and storage)

  • Google Workspace (identity and internal operations)

  • Bitbucket (source code management and CI/CD)

Additional subprocessors may be used for business operations from time to time. Current subprocessors are available on request.

Incident Response and Continuity

We follow a structured approach to security and service incidents, including:

  • detection and alerting

  • triage and impact assessment

  • containment and remediation

  • post-incident review

Where a security incident affects customer data or service availability, we will notify affected customers as appropriate and in line with our contractual and legal obligations. Our continuity approach is based on managed AWS services, infrastructure reproducibility, centralised monitoring and recovery from source data. Customer data is stored durably using managed fault-tolerant services. Derived data can be rebuilt from source data if required.

Vulnerability Management

We use secure development practices, peer review, automated static analysis, dependency scanning and AWS-native security monitoring to identify and remediate vulnerabilities. Security issues are prioritised according to severity and potential impact, with critical issues handled on an expedited basis. We perform security testing appropriate to the nature of changes made to the platform.

If you believe you have identified a security issue in our platform, please review our Vulnerability Disclosure Policy.

Contact

For security, privacy or trust-related enquiries, or to request a PDF copy of this information, contact security@anomalyse.io