Security & Compliance

Exchange is designed as a professional documentation platform with security, privacy, and data protection as core principles.

Data Protection

Exchange is designed to support organisations working with sensitive records.

We follow privacy-first design principles and minimise unnecessary data collection.

Key principles include:

• Data is only collected where required for the functioning of the service.

• Exchange does not sell or share user data with third parties.

• Organisations retain ownership and responsibility for the records they create.

• Exchange is designed to support organisations operating under data protection frameworks such as the UK GDPR.

Secure Authentication

Exchange uses secure authentication mechanisms to protect user accounts.

Security measures include:

• password hashing using secure cryptographic algorithms

• authenticated API requests using access tokens

• session management to prevent unauthorised access

• Users are responsible for keeping their login credentials secure.

Data Storage

Exchange uses secure infrastructure to store and process data.

Key protections include:

• secure cloud infrastructure

• encrypted connections (HTTPS)

• restricted system access

• Records are stored and accessed only by authorised users within the organisation.

Export and Record Control

Exchange allows organisations to generate structured exports of their records when required.

Exports are typically used for:

• internal reporting

• safeguarding documentation

• professional review

• legal or court processes where applicable

Exchange does not restrict the number of exports generated within a licensed account.

Access Controls

Exchange supports organisational access controls.

Access is limited to authorised staff users associated with an organisation’s account.

Administrative controls allow organisations to manage staff access where required.

System Monitoring

Exchange systems are monitored to maintain service reliability and detect potential issues.

Where necessary, updates or improvements may be deployed to maintain system stability and security.

Responsible Use

Exchange is designed as a structured documentation platform.

It is not intended for messaging, communication between parties, or social interaction.

Organisations are responsible for ensuring the platform is used in accordance with their internal governance policies.

Security Contact

If you have any security-related questions or concerns, please contact:

security@exchange-log.app