Enterprise-Grade Security
Built for UK accounting professionals handling sensitive financial data
UK GDPR Compliant
Full compliance with UK data protection regulations
Bank-Grade Encryption
AES-256 encryption for all data at rest and in transit
Data Redaction
Sensitive data automatically redacted in exports and reports
CPR 35 Framework
Templates structured to assist CPR Part 35 reporting
1. Vendor Entity & Governance
AccountScope is operated as a premium SaaS platform under strict corporate governance guidelines.
AccountScope (Incorporation in Progress)
Incorporation Pending
Registration Address Pending
UK-hosted primary database and storage (AWS London eu-west-2)
2. Security Protocols & Isolation
Our database architecture uses strict tenant segregation mechanisms to keep each tenant's case data isolated.
PostgreSQL Row-Level Security (RLS)
Every database query executes through an active tenant filter context. There is no shared cross-tenant pool access, guarding against data leakage.
Append-Only Audit Logs Where Supported
All manual transaction adjustments, categorisations, and report generations trigger audit logs where supported by the client database configuration.
Auto-Purging & Compliance Scheduling
Operators can enforce custom data retention limits. Original uploaded statement files can be configured to auto-purge after 30, 90, or 180 days, or to be retained indefinitely (case lifetime) to align with document storage rules.
3. Business Continuity & Escrow Uptime
AccountScope provides defined SLA commitments and active continuity programs to protect long-running case work.
• **RPO (Recovery Point)**: Under 1 hour.
• **RTO (Recovery Time)**: Under 4 hours.
• Continuous PostgreSQL Point-in-Time Recovery backups inside AWS London.
• Verified source code, build parameters, and schemas can be deposited in independent third-party escrow.
• Perpetual run-in-place rights trigger in the event of vendor insolvency.
4. Compliance & Security Roadmap Status
To maintain absolute trust, we declare the status of all authentication and enterprise integration controls transparently.
• **Row-Level Security (RLS)**: PostgreSQL schema-level isolation context.
• **UK Data Residency**: UK-hosted primary database and storage (AWS eu-west-2).
• **Audit Trails**: Append-only audit logs where supported.
• **Auto-Purging**: Configurable lifetime limits on statement processing.
• **Parallel Tenancy**: Isolated pilot database clusters.
• **Custom DPA**: Pre-execution of UK-standard DPAs.
• **Reviewer Training**: Hands-on workshops for family law teams.
• **Security Q&A**: Interactive vendor questionnaire support.
• **SAML 2.0 / SSO**: Okta & Microsoft Entra ID native integration *(Planned Q3)*.
• **SCIM User Provisioning**: Automated team lifecycle synchronisation *(Planned Q4)*.
• **Azure AD Sync**: Directory sync for large practices *(Planned Q4)*.
• **SOC 2 Type II**: Certification verified by an external auditor *(In Progress)*.