FAQ
Security and Trust FAQ
Common technical diligence questions and direct answers based on current implemented controls.
Questions Published
7
Last Updated
2026-03-04
Where is customer investigation data hosted?+
Customer evidence, investigation findings, and primary data infrastructure are hosted in the United Kingdom. Core database and processing services are aligned to UK residency requirements described in the security overview.
Does customer investigation data get stored at the edge?+
No. Frontend code may be delivered through global edge infrastructure for performance, but customer investigation data is retrieved from UK-hosted backend systems.
How is privileged backend access protected?+
Privileged paths are protected using network allowlisting plus layered authentication controls, including client certificate requirements, credentials, and OTP-based MFA.
How do you enforce organization-level data isolation?+
Strand enforces row-level security in PostgreSQL. Access checks validate authenticated session context, organization membership, and investigation-level authorization before records are returned.
What encryption standards are applied?+
Platform traffic is protected with TLS 1.2+ in transit, and application database storage uses AES-256 encryption at rest.
Which certification is currently held?+
Strand currently holds Cyber Essentials. Trust-center claims focus on implemented and verifiable technical controls.
Can we request additional security documentation?+
Yes. Contact [email protected] for security questionnaires or additional due-diligence documentation requests.