Security & Compliance

Enterprise-Grade Security

Your data is protected by industry-leading security measures, certifications, and compliance standards worldwide.

Data Privacy Compliance

Data privacy is fundamental to how we build and operate Wizard Application. We comply with every major data protection regime our customers operate under, and we extend the same protections to every region we serve. Because we take your data seriously, you choose where it lives. Select your data residency region during signup, and your data, backups, and processing remain within that jurisdiction for the lifetime of your account.

Compliant

GDPR & UK DPA

Full compliance with EU General Data Protection Regulation and UK Data Protection Act 2018.

ICO Registered
Compliant

US State Privacy

Compliance with US state consumer privacy laws giving residents in covered states the right to access, correct, delete, and opt out of the sale or sharing of their personal data.

CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA, TDPSA, OCPA, MCDPA
Compliant

LGPD (Brazil)

Compliance with the Brazilian Lei Geral de Proteção de Dados (LGPD), protecting the personal data of individuals located in Brazil with rights to access, correct, port, and delete their information.

Compliant

APPI (Japan)

Compliance with the Japanese Act on the Protection of Personal Information (APPI), backed by the reciprocal EU-Japan and UK-Japan adequacy framework, giving residents of Japan rights of disclosure, correction, and suspension of use.

Security Certifications

Independent certifications attesting to the strength of our security controls.

In Progress

Cyber Essentials

UK Government-backed certification demonstrating our commitment to cyber security fundamentals.

In Progress

ISO 27001

International standard for information security management systems. Currently in our certification journey.

65% Complete - Expected Q1 2027
In Progress

SOC 2 Type II

Working towards third-party audits verifying our security, availability, and confidentiality controls.

25% Complete - Expected Q4 2027
In Progress

ISO 27017

Cloud-specific security controls extending ISO 27001. Scheduled to commence after ISO 27001 certification.

Follows ISO 27001 - Expected Q3 2027
In Progress

ISO 27018

Protection of personally identifiable information in the cloud. Pursued alongside ISO 27017.

Follows ISO 27001 - Expected Q3 2027
In Progress

ISO 42001

International standard for AI Management Systems. Governs how AI is responsibly developed, deployed, and monitored across our platform.

Scoping in progress - Expected 2028

Built on AWS

Our platform runs on Amazon Web Services, the same trusted cloud that powers banks, governments, and FTSE 100 companies worldwide. Each customer is placed in the AWS region matching their business's jurisdiction.

  • All data encrypted at rest with AES-256 and in transit with TLS 1.3
  • Hosted in the AWS region matching your business's jurisdiction, with replication across multiple Availability Zones
  • Private VPC with AWS WAF, isolated subnets, and DDoS protection via AWS Shield
  • Credentials managed through AWS Secrets Manager, isolated from the application runtime

Security Controls

Complete Database Isolation

Unlike many SaaS platforms that store all customers in a shared database, Wizard Application implements true customer isolation. Each customer receives their own completely separate database instance.

Authentication

TOTP-based multi-factor authentication, passwordless login with passkeys (WebAuthn), and Google Workspace or Microsoft Entra single sign-on for Enterprise customers.

Role-Based Access

Granular permissions ensure users only access what they need.

Audit Logging

Complete audit trail of all user actions and data access.

Security questions or concerns?

Our security team is here to help with any questions you have.

Contact our security team
FAQ

Security questions, answered

Common questions about how we protect your data.

Customer data is hosted on AWS in the region matching your business's jurisdiction, and it stays within those local data residency boundaries at all times.

Data at rest is encrypted with AES-256. Data in transit uses TLS 1.3 with perfect forward secrecy. Encryption keys are managed in AWS KMS.

No. Each customer gets their own isolated database, with no shared schema or shared rows. Cross-customer access is impossible by design.

Automated backups run daily with point-in-time recovery and 90-day retention. Backups are encrypted and stored in geographically separate AWS regions.

Yes. We commission independent penetration tests annually, and run continuous vulnerability scanning through Amazon Inspector and threat detection through AWS GuardDuty.

Email support@wizardapplication.com. Security disclosures and documentation requests are triaged within one business day.