At Cubigo, safeguarding customer and end-user data is a core priority. We are committed to maintaining robust security and data protection standards across our organization and platform, as demonstrated by our ISO 27001:2022 certification and regular independent audits. To achieve this, we employ a comprehensive framework of physical, technical, and organizational security measures designed to protect data against unauthorized access, disclosure, alteration, misuse, loss, or destruction.
We continuously strengthen our internal and external legal expertise to maintain full compliance with evolving statutory and regulatory requirements, including the General Data Protection Regulation (GDPR), UK GDPR, the UK Data Protection Act 2018, the EU AI Act, the Digital Services Act, HIPAA, PIPEDA and other applicable legal frameworks.
Table of contents
- Protecting your data: confidentiality, integrity and availability
- Security practices implemented and safeguarded by ISO 27001
- Ensuring your privacy
- Trustworthy and Human-Centric AI-Enabled platform Features
Protecting your data: confidentiality, integrity and availability
Secure and Reliable Host
Cubigo is deployed as a fully cloud-based web and mobile platform on Microsoft Azure, leveraging geographically redundant data centers and a robust infrastructure designed to deliver high availability, scalability, and state-of-the-art security.
Our platform is secured through advanced threat detection and intrusion prevention capabilities integrated with centralized monitoring and alerting systems to ensure proactive security management.
We also provide a modern Single Sign-On (SSO) solution based on OpenID Connect and OAuth 2.0 standards, delivering a secure, streamlined authentication experience aligned with current industry best practices. Our mobile native apps are approved and distributed via the official stores.
Data Encryption
All data is encrypted at rest and in transit using TLS v1.2. All transmissions of information from and to Cubigo are encrypted. We use Secure Sockets Layer ("SSL") technology to encrypt all communication between the browser/app used by the community and the Cubigo platform.
Data Retention
All Cubigo data is backed up on a nightly basis. The backups are replicated and archived so the information is always available in the event of a system failure. All backups are encrypted, password protected and stored in physically separate data centers for hardware and location redundancy (to avoid any service disruptions due to unplanned outages or natural disasters).
Monitoring
The Cubigo platform is monitored via Application Insights. We guarantee 99.5% average availability per calendar month to our customers, as described in the service level agreement. Any downtime is immediately detected, and alerts with information regarding the downtime are routed to the individuals and entities responsible for remedying any issues.
Security practices implemented and safeguarded by ISO 27001
To maintain consistent and robust security practices across the organization, Cubigo operates an Information Security Management System (ISMS) based on the ISO 27001:2022 standard. This organization-wide framework defines the policies, processes, and controls used to safeguard information assets and manage security risks effectively. By implementing comprehensive security measures, Cubigo minimizes the risk of data loss and security incidents while ensuring business continuity and operational resilience. Our ISMS addresses organizational processes, employee responsibilities and behavior, data protection, technology infrastructure, risk management, and business continuity planning.
Security roles and responsibilities are formally defined across the organization, and security practices are integrated into our operational processes, product development lifecycle, and company culture. Our development team applies a "Security by Design" methodology, supported by formal policies, engineering guidelines, and validation checklists that are integrated throughout the software development lifecycle. Security requirements and best practices are embedded into our code review processes, ensuring consistent security awareness and accountability across the entire engineering team.
To maintain and continuously improve our security posture, Cubigo performs regular internal and external audits. Relevant audit reports can be made available upon request.
Ensuring your privacy
Role Based Access Control
Cubigo has 'user access levels' (Role-Based Access Control) that allow the community to restrict access to information and features based on the user's role.
Data privacy
Cubigo maintains strict internal policies and access controls to protect customer and end-user information, ensuring that access is granted only to authorized personnel with a legitimate business need. We do not use customer data to contact your users or employees, and we never sell personalized data. When customer support access is required, only the minimum necessary account data is accessed by trained and authorized professionals in accordance with strict security and confidentiality procedures.
Training and Education
Cubigo employs highly qualified professionals and conducts annual training and awareness programs covering legal, privacy, and information security requirements. This continuous focus ensures that security and data protection are embedded throughout our organization and daily operations. In accordance with GDPR and other applicable regulations, Cubigo has established an ISMS Steering Committee and appointed a Data Protection Officer (DPO) responsible for overseeing information security and data protection compliance.
Trustworthy and Human-Centric AI-Enabled platform Features
Artificial Intelligence (AI) increasingly plays a role in everyday digital experiences, and Cubigo leverages carefully selected AI-enabled capabilities to enhance and support the experience of end users. Examples include intelligent search functionality, virtual assistant features, activity recommendation systems, and similar smart services. These AI-enabled capabilities are offered as optional add-ons to the core platform, allowing customers to decide whether and how they wish to adopt them.
Transparency and Human Oversight
Cubigo is committed to transparency in the use of AI. Whenever users interact with a feature that incorporates AI functionality, this is clearly indicated within the user interface through visual indicators such as a Nova (AI) icon. Where appropriate within operational workflows, human oversight by organizational staff is maintained. Users are encouraged to critically review and validate AI-generated outputs before taking action or accepting recommendations.
Data Residency, Isolation, and Model Use Policies
In line with Cubigo's privacy-conscious culture, AI-enabled features are designed and implemented in alignment with the principles of the EU AI Act and leading regulatory and product safety frameworks. To support these services, Cubigo works with a limited number of trusted third-party providers operating within Cubigo's secure and controlled ecosystem. All data is protected through strong encryption, strict access controls, and secure processing practices. Data is collected exclusively through the Cubigo user interface and stored within dedicated Microsoft Azure storage environments associated with Cubigo's tenant infrastructure.
To reinforce data sovereignty and privacy protections, customer data is not shared outside Cubigo's secure ecosystem and is never used to train external AI models or exposed to public or external Large Language Models (LLMs).
Where outputs generated through AI-enabled features are stored within the platform - for example within user profiles, requests, or other records - such data remains subject to the same governance, security, and privacy controls that apply to all customer data within Cubigo, including applicable GDPR rights related to access, rectification, deletion, and other data subject protections.
If you have any questions about Cubigo's privacy compliance, feel free to contact us at privacy@cubigo.com.