Everything your procurement team will ask.
Fortoxa is a security company, so we start from the same documents we'd expect from anyone touching our data. Pick the page you need.
Last updated: 2026-04-19
Security
Encryption, access control, infrastructure, secure development, monitoring.
Subprocessors
Every third party that processes customer data, the role they play and where they operate.
Data Processing Agreement
Our standard DPA with UK GDPR and EU GDPR terms and Standard Contractual Clauses.
Compliance mappings
How Fortoxa maps to Cyber Essentials Plus, NCSC CAF, GDPR Article 32 and NIS2.
Status
Current service health and recent incidents.
Responsible disclosure
How security researchers can test and report findings safely.
TODO — founder input required
Add registered entity details (company number + HQ address), dedicated trust-desk email ([email protected]), and a confirmed subprocessor list before launch.
Security questionnaire?
We have pre-filled answers to common questionnaires (CAIQ, SIG Lite, vendor-risk short form). Ask us and we'll send the right one.
Request questionnaire