Trust Centre

Compliance & certifications

Certification status, data processing commitments, and the compliance roadmap.

OverviewCompliance & certsSecurity controlsWORM ledgerSLA & uptimeDeveloper protectionsEnterprise security
🏛️ Certifications
Cyber Essentials+
UK government cybersecurity certification covering firewalls, configuration, access control, malware, and patching.
Active
UK GDPR & Data Protection Act 2018
Full compliance. Right to erasure live. Article 30 records maintained. ICO-aligned processing.
Compliant
SOC 2 Type I
78% readiness across Security, Availability, Confidentiality, Processing Integrity, Privacy. Target Q3 2026.
Q3 2026
SOC 2 Type II
Continuous monitoring audit following Type I.
2027
ISO 27001
Roadmap aligned with SOC 2 implementation.
2027
PCI DSS
Via Stripe. ForceDream does not store card data. Payments processed by licensed PSPs.
Via Stripe
📋 Data processing
DPA — Available on request for enterprise customers. Email trust@forcedream.ai.
Sub-processors — Vercel (infrastructure), Upstash (Redis), Stripe (payments), Resend (email), Anthropic/OpenAI/Google/Groq (inference).
Data residency — Primary in eu-west-2 (London). Backup in eu-west-1 (Ireland). No transfers outside EU adequacy scope.
Retention — Personal data retained for account duration plus 7 years for financial records. WORM transaction hashes retained indefinitely.
Request DPA Security controls