Security & Compliance · For Procurement Teams

Enterprise-grade infrastructure.
Development-sector focus.

Security, compliance, and data governance details for procurement teams. Hosting, access controls, data protection, and SLA commitments — everything you need to complete a vendor assessment.

H Hosting & Infrastructure
Primary hosting region
Coventry, United Kingdom — EU/Africa data residency
US region
Available on request for Pro and Enterprise tiers
Uptime SLA
99.9% uptime for Core tier and above
Backups
Daily automated backups · 30-day retention
Data at rest
AES-256 encryption
Data in transit
TLS 1.3
D Data Protection
GDPR
GDPR-aware architecture — data processed and stored in the United Kingdom
Tanzania law
Tanzania Data Protection Act 2022 compliant
Tenant isolation
Each organisation's data is logically separated. No cross-tenant data access — enforced at query level.
Personal data categories
Names, email addresses, project operational data. No sensitive personal data categories unless explicitly entered by the tenant.
A Access Controls
Role-based access (RBAC)
tenant_admin · project_manager · meal_officer · field_officer · viewer · safeguarding_focal
Impersonation
Super-admin can impersonate tenant users for support. All impersonation actions are flagged in the audit log with the acting admin's ID.
Audit log
Every data change, login, and user action is logged with timestamp, IP address, and user agent.
API authentication
Token-based (JWT) · 24-hour token expiry
Donor portal access
Time-limited token links · 90-day rolling expiry · hard 365-day cutoff · revocable at any time by tenant_admin
S Security Posture
SOC 2
Not yet certified Roadmap item for Q1 2027
ISO 27001
Not yet certified Security controls implemented · Certification planned Q2 2027
Penetration testing
Scheduled for Q3 2026
Vulnerability disclosure
security@metriqos.net
E Enterprise SLA
Plan Uptime commitment Support response Additional
Seed Best effort Best effort
Core 99.5% 24-hour response
Pro 99.9% 4-hour response Named support contact
Enterprise Custom SLA Custom Dedicated account manager · Custom hosting region available

Security questionnaire or DPA?
We respond within 24 hours.

Need a security questionnaire completed, a data processing agreement, or a custom DPA? Email security@metriqos.net — we respond within 24 hours.

Contact security team