Security at Hovermarks

How we protect the asset-inspection records, photos, and personal data you trust us with. We aim to be specific about what we do today — not aspirational.

Hosting & data residency

Hovermarks runs on Microsoft Azure UK South (London). All tenant data — SQL records, blob-stored photos, search indexes — stays in the UK by default. Backups replicate to UK West for disaster-recovery only; no data leaves the UK.

We do not currently offer a US data residency option. If your procurement policy hard-blocks UK-hosted data, contact us before signing — we can scope a US-region deployment.

Encryption

  • In transit: TLS 1.2+ enforced everywhere. HSTS preloaded. Older protocols disabled at the edge.
  • At rest: AES-256 across the board — SQL transparent data encryption, Azure Blob server-side encryption, Key Vault for secrets.
  • Application secrets: stored in Azure Key Vault with role-based access and audit logging on every read.

Access control & authentication

  • Sign-in via your organisation's Microsoft Entra SSO, Hovermarks-managed credentials, or self-signup trial — each path enforces TLS, CSRF protection, and PKCE on OIDC.
  • Multi-factor authentication is available on Hovermarks-managed accounts. SSO tenants inherit your IdP's MFA policy.
  • Role-based access — SiteManager, TenantAdmin, Inspector — limits what each user can read or modify.
  • Session ceiling: 8 days absolute, 30 minutes idle, with Conditional Access re-authentication for SSO tenants at 7 days.

Backups & recovery

  • Point-in-time restore: 7 days of SQL PITR. Recover to any second within the window.
  • Geo-redundant backups: async-replicated to UK West for region-level failure.
  • Soft-delete: deleted records sit in a recoverable state for 30 days before purge; you can restore from the Recycle Bin in the admin UI.
  • Tenant offboarding: on contract termination we hard-delete all tenant data within 30 days, with a written confirmation.

Audit & monitoring

  • Every privileged action (sign-in, licence change, tenant configuration, impersonation by Hovermarks support) is written to a tamper-evident audit log with HMAC chaining.
  • Audit log entries are retained for the duration of your contract plus 12 months.
  • Production application telemetry is captured in Azure Application Insights and reviewed for anomalies.
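
The HMAC chaining mentioned above, as an added Python sketch showing how a chained log exposes edits, deletions and truncation. This is illustrative code, not Hovermarks' implementation; the entry fields, the genesis value, the key and the separately stored head tag are all assumptions.

```python
import hashlib
import hmac
import json
from typing import Optional

GENESIS = "0" * 64  # assumed fixed value that anchors the first entry


def _tag(key: bytes, prev: str, seq: int, event: dict) -> str:
    # Canonical JSON so the same entry always serialises to the same bytes.
    body = json.dumps({"seq": seq, "prev": prev, "event": event},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def append(log: list, key: bytes, event: dict) -> None:
    """Add an entry whose tag covers the event and the previous entry's tag."""
    prev = log[-1]["tag"] if log else GENESIS
    log.append({"seq": len(log), "prev": prev, "event": event,
                "tag": _tag(key, prev, len(log), event)})


def verify(log: list, key: bytes, head: Optional[str] = None) -> Optional[int]:
    """Return None if intact, else the index where the chain first breaks."""
    prev = GENESIS
    for i, entry in enumerate(log):
        expected = _tag(key, prev, i, entry["event"])
        if entry["seq"] != i or entry["prev"] != prev \
                or not hmac.compare_digest(expected, entry["tag"]):
            return i
        prev = entry["tag"]
    # Dropped tail entries leave a valid shorter chain, so compare against a
    # head tag recorded somewhere the log store's writers cannot change.
    if head is not None and not hmac.compare_digest(prev, head):
        return len(log)
    return None


def sample_log(key: bytes) -> list:
    """Constructed sample events, not real audit data."""
    log: list = []
    for actor, action in (("alice", "sign-in"), ("support", "impersonation"),
                          ("alice", "licence change")):
        append(log, key, {"actor": actor, "action": action})
    return log
```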

Sub-processors

We use a small set of well-known sub-processors. Each is bound by its own contractual data-protection commitments. We'll notify you in advance of any change to this list.

  • Microsoft Azure — application hosting, SQL, blob storage, identity (Entra External ID), Key Vault. UK South region.
  • Stripe — billing, payment processing, tax computation. Stripe stores payment method data; we never see card numbers.
  • Cloudflare — DNS, edge caching of static assets, DDoS protection.
  • SendGrid — transactional email (invoices, notifications, magic links).

The current authoritative list lives at hovermarks.com/legal/sub-processors.

Compliance

  • GDPR / UK GDPR — we operate as a data processor on your behalf. Our Data Processing Addendum covers EU SCCs Module 2 and the UK addendum.
  • SOC 2 Type II — under consideration. We have not yet completed an audit; we'll announce here when we engage an auditor.
  • HIPAA, FedRAMP, ISO 27001 — not currently in scope.

Reporting a vulnerability

Found a security issue? Email [email protected]. We aim to acknowledge within one working day and to share a fix timeline within five. We do not currently run a public bug-bounty programme, but good-faith reports are always welcomed and credited.

Last reviewed: 2026-05-13. This page is updated whenever our security posture changes materially.