Last updated: 21 April 2026
Here’s how we protect your data and why you can trust us with it.
Our application and database both run on EU-region cloud infrastructure. Your data doesn’t leave Europe.
All traffic to and from Basics runs over TLS. Data sitting in our database is encrypted at rest by our hosting provider. On top of that, we apply AES-256-GCM encryption at the application level to the most sensitive fields — including your statutory identity code and the full incorporation payload. The encryption keys are held separately from the database, so a database exposure alone wouldn’t decrypt your protected data.
Every query runs through row-level security enforced at the database layer. That means each request is scoped to the logged-in user — you can only see your own company’s data, and that isolation is checked by the database itself, not just by our application code.
We only store what’s needed. Card details stay with our payment processor. Original identity documents stay with our identity-verification provider. Physical mail (if you use our Virtual Address service) is handled by our mail-handling partner. We keep only the information UK regulators require to process your filings.
Your database is backed up automatically and periodically, with point-in-time recovery available so we can restore it to any moment within the retention window if something goes wrong.
You can enable two-factor authentication on your account using an authenticator app at any time.
We keep a secure record of sign-ins and sensitive actions, so we can investigate quickly if anything goes wrong.
We monitor our service continuously for unusual activity and errors. If a security incident affects your data, we’ll contain it, investigate the root cause, and notify affected users without undue delay — within 72 hours of becoming aware, as required by UK GDPR. We’ll be specific about what happened, what we know, what we don’t yet know, and what we’re doing about it.
If you believe you’ve found a vulnerability in Basics, please email [email protected]. We’ll acknowledge your report, treat it confidentially, and start investigating promptly. Please don’t publicly disclose the issue until we’ve had a reasonable chance to fix it.
For details on what data we collect, why, and how long we keep it, see our Privacy Policy.