Security & Data Handling
Veriscopic (operated by A Journey Ltd, Company No. 15963421) is designed with security, integrity, and auditability as first-class concerns. Controls are applied to support governed decision-making and external scrutiny.
This page describes our security posture and data handling approach. It does not constitute certification, accreditation, or regulatory approval.
What we do — and what we don’t
| We do | We don’t |
|---|---|
| Apply layered security controls across infrastructure, application, and data handling | Claim regulatory certification or formal accreditation |
| Preserve governance records in a tamper-resistant, verifiable form | Provide legal advice or compliance determinations |
| Restrict access by role, scope, and declared authority | Use customer data for advertising or AI training |
| Support independent verification of evidence integrity | Make claims about the quality or outcomes of decisions |
Infrastructure security
Veriscopic is deployed within secure cloud infrastructure environments with encryption in transit (TLS) and encryption at rest. Logical separation is applied between customer environments to prevent unauthorised cross-tenant access.
Administrative access is restricted to authorised personnel under least-privilege principles and is subject to logging and review.
Authentication and access control
Authentication uses industry-standard identity mechanisms, including support for third-party identity providers where appropriate. Access is restricted through role-based access controls (RBAC) aligned to organisational scope and declared authority.
Privileged actions and configuration changes are attributable to individual user identities.
Data protection and processing
Customer data is processed solely to provide the platform and support governance workflows. Veriscopic does not sell customer data and does not use customer data to train AI models.
Where applicable, Veriscopic acts as a data processor under customer instruction and in accordance with applicable data protection laws. See our Privacy Policy for further detail.
Evidence integrity
Governance records and evidence artefacts are structured to preserve integrity through versioning, timestamping, and cryptographic fingerprinting where applicable.
Evidence manifests may include deterministic identifiers enabling independent verification of integrity without requiring disclosure of underlying content.
Integrity guarantees are defined by the Veriscopic Evidence Standard (VES), not by discretionary marketing claims.
Audit logging and traceability
Platform interactions, configuration changes, and access events are logged to support accountability and evidential traceability.
Logs are retained in accordance with defined retention policies and support reconstruction of governance context under audit, insurer, or regulatory review.
Data retention
Data is retained only for as long as required to provide contracted services, maintain evidential continuity, and meet legal or regulatory obligations. Customers may request deletion of account data subject to contractual and legal constraints.
Ongoing review
Security is treated as an ongoing process. Controls and practices are reviewed as the platform evolves and as regulatory, insurer, and industry expectations change.
Detailed security documentation may be made available under NDA upon request.
Registered Office: Suite 7034, 321-323 High Road, Romford, Essex, United Kingdom, RM6 6AX · Company No. 15963421