
At EasyPeasy, every line of code is crafted with your security in mind. We adopt the latest framework releases, leverage proven modules, and integrate core security principles into every phase of our software development process. Our commitment to security is demonstrated through continuous reviews and external testing to stay ahead of emerging threats.

We are dedicated to constantly enhancing our internal processes and security measures to provide complete platform assurance. EasyPeasy is proud to be Cyber Essentials certified. Every team member undergoes security training and is subject to strict access controls to safeguard our users’ and customers’ data.

Security Certificates

We ensure the protection of your data by focusing on three key dimensions:

  • Data Minimisation: We only store necessary information, as provided by you.
  • Secure Storage: Your data is encrypted both at rest and in transit. Our storage processes are designed for maximum security, as detailed in our security measures.
  • Access Control: We have robust internal access controls. Our team members can access data only under specific conditions and after thorough security checks. You can also set account roles within our software to restrict access to sensitive information.

We comply with the General Data Protection Regulation (GDPR) and have a designated Data Protection Officer to ensure accountability and privacy are embedded in our software and policies. Our compliance measures include:

  • Full awareness of data locations, ensuring compliance even outside the EU.
  • Restricting data access to necessary personnel and protecting against unauthorised access.
  • Enabling you to edit, update, delete and export any information we hold.
  • Obtaining consent during sign-up and allowing its withdrawal at any time.

You can review the exact standards we hold ourselves to via our Privacy Policy.

For any concerns, you can contact our Data Protection Officer.

Frequently asked questions
Are you compliant with GDPR?
Based on our current ICO audit and that of our Data Protection Officer, we are currently compliant.
Who is the EasyPeasy DPO?
Our Data Protection Officer (DPO) is Founder & CEO, Jen Lexmond. They can be contacted at dpo@easypeasyapp.com.
Do you market other services to registered users of EasyPeasy?
No, we do not market other services to registered users of EasyPeasy.
How long do you retain our data?
Our retention periods are defined by you. You have complete control of what data is held on our system and are free to remove or amend it at any time.
Where is our Personally Identifiable Information (PII) data held?
Personally Identifiable Information (PII) data is held within the EU.
Do you have a training programme in place for all staff who have access to user data?
Yes, all EasyPeasy staff receive data protection training. 
If I were to ask you to remove all data I have provided to you, would you be able to do that in a timely fashion?
Of course. Our Data Subject Access Request (DSAR) procedure outlines the process for handling and responding to DSARs received from data subjects in a timely fashion.
Do you have a process in place for reporting personal data breaches?
Yes, we do. Our data breach reporting policy and procedure outlines the steps for identifying, reporting, and responding to data breaches to minimise the impact on affected individuals and mitigate risks to the organisation.
Do you have an information security policy?
Yes, we do. Our information security policy outlines our commitment to implementing robust security measures and controls to protect against various risks and threats.
Do you have a Data Protection Impact Assessment?
Yes, we do – you can view it here.

EasyPeasy is committed to maintaining the highest security standards through several measures:

  • Encryption: All traffic between users and our systems is encrypted in transit.
  • Access Control: We implement multiple layers of access controls, and only authorised personnel can access sensitive data.
  • Regular Audits and Testing: Our software undergoes frequent security audits and testing to ensure resilience against threats.
  • Certifications: We adhere to national and global best practice security standards and hold certifications including Cyber Essentials.
  • Employee Training: Our team members receive regular security training and are thoroughly vetted before accessing any customer data.
  • Code review: We draw on industry experience, both internal and external, to ensure our code is readable and maintainable. This helps us develop secure systems with ease and confidence.
  • Secure software development life cycle: We prioritise security in all feature designs and builds to ensure we always maintain our standards.
  • HTTP strict transport security: Our application forces all requests over HTTPS, ensuring all traffic is secured in transit and protecting against protocol downgrade attacks.
  • Encryption at rest: Our database has automatic encryption at rest, cloaking your data in another layer of protection.
  • High availability: We've designed EasyPeasy to ensure high availability throughout the platform.
  • Regular vulnerability scans: We test our product regularly by running vulnerability scans to ensure the safety of your data.

By integrating these measures, EasyPeasy ensures that your data is protected with the utmost care and security. For more detailed information, please refer to our privacy policy or contact our support team.