Compliance
Where we are on the certification roadmap, and what we rely on today.
OpX is on a defined roadmap for ISO 27001 and Cyber Essentials Plus certification. In the meantime, our security posture rests on the certified infrastructure beneath us and on internal controls aligned to recognised frameworks.

OpX certifications
ISO 27001
Independent assessment scheduled within standard certification timeline. Evidence pack available on request under NDA.
Cyber Essentials Plus
Independent assessment scheduled within standard certification timeline.
Aligned to
- ISO 27001 (Information Security Management)
- NCSC Cloud Security Principles
- OWASP Application Security Verification Standard
- ICO Accountability Framework for data protection
Underlying platform certifications relied on
Amazon Web Services (eu-west-2)
ISO 27001, ISO 27017, ISO 27018, SOC 1 / 2 / 3, Cyber Essentials Plus.
Supabase managed platform
SOC 2 Type II. HIPAA-eligible.
Cloudflare (edge layer)
ISO 27001. SOC 2 Type II. PCI DSS Level 1.

Regulations
UK GDPR & Data Protection Act 2018
Operated to UK GDPR principles. Lawful basis identified per processing activity. Privacy Notice and Terms of Use published.
EU GDPR
Customer Data is stored and processed in the UK; where EU data subjects are involved, OpX flows down equivalent obligations to sub-processors via DPA.
AI regulation
AI features operate under no-training contractual terms with model providers. We monitor the EU AI Act and will adjust controls as regulatory clarity emerges.