🔒 Trust & Security

Data Security at
Logentrix Systems

Data security is a core part of how we design, build, operate, and improve our services. Here's exactly how we protect your data.

Last updated: April 2026

On this page
Security Principles Shared Responsibility Model Infrastructure Security Application & Service Security Data Protection & Encryption Access Control & Authentication Monitoring, Detection & Incident Response Data Retention & Deletion Third-Party Risk & Subprocessors Compliance & Governance Contact
Overview
Our approach to data security

At Logentrix Systems, data security is a core part of how we design, build, operate, and improve our services. We understand that customers trust us with business data, operational data, and platform interactions, and we take that responsibility seriously.

Our approach is based on layered protection across infrastructure, applications, access, monitoring, and operational governance. Rather than relying on any single safeguard, we apply a combination of technical and organizational controls intended to protect the confidentiality, integrity, and availability of data throughout its lifecycle.

Foundations
Security Principles

Our approach is guided by a set of foundational security principles that inform every design decision, access policy, and operational procedure.

🔒
Confidentiality
Data is accessible only to authorized users, systems, and personnel.
Integrity
We protect data against unauthorized modification and maintain its accuracy and reliability.
Availability
Services are designed and operated with the objective of keeping systems and data available when needed.
🎯
Least Privilege
Access is granted only to the extent required for a specific role or task, limiting unnecessary exposure.
🛡️
Defense in Depth
Multiple layers of security controls across infrastructure, applications, and monitoring — no single point of protection.
🔄
Continuous Improvement
Security is not static. We continuously review and improve controls and practices to adapt to evolving risks.
Responsibility
Shared Responsibility Model

Security responsibilities are divided between our infrastructure provider and Logentrix Systems. Secure hosting alone does not secure the full customer environment — we apply our own controls within the scope we directly manage.

🏢 Infrastructure Provider
Physical data center security
Hardware and environmental protections
Core networking and infrastructure resilience
Platform-level controls
🔐 Logentrix Systems
Application security
Service configuration and hardening
User and administrative access controls
Secure communications
Data handling practices
Monitoring and incident response
Internal operational procedures
Infrastructure
Infrastructure Security

Our services are hosted on infrastructure provided by Hostinger. By default, customer data is hosted in EU data centres. Where customers have specific data residency requirements, we can review and accommodate those requirements where feasible.

🏗️
Secure Hosting Environment
Production systems run on hardened hosting infrastructure with physical and network-level protections managed by Hostinger.
🌍
EU Data Centres
Customer data is stored in EU-based data centres by default. Data residency requirements can be discussed on request.
📶
High Availability
Infrastructure supports resilience and uptime measures to maintain service availability for customers.
📋
Recognised Security Practices
Infrastructure configuration aligns with industry-recognised security standards and practices.
Application Layer
Application & Service Security

In addition to infrastructure-level protections, Logentrix Systems applies security controls directly to the services we own and operate.

⚙️
Web Server Hardening
Secure configuration practices applied to web servers and service components to reduce attack surface.
🔧
Secure Configuration Management
Controlled configurations for systems and services, minimising insecure defaults and unnecessary services.
💻
Secure Development & Deployment
Security is considered throughout the development lifecycle with attention to secure implementation practices.
🛡️
Common Web Risk Protections
Services are designed with awareness of broken access control, insecure input handling, and other application-layer threats.
🔐
Controlled Administrative Interfaces
Administrative and operational interfaces are restricted and protected against unauthorised access.
📝
Change Discipline
Operational and service changes are made in a controlled way to reduce instability and unintended security exposure.
Data Protection
Data Protection & Encryption
🔒
Data in Transit — TLS 1.2+
All communications with our services are protected using HTTPS with TLS 1.2 or higher, preventing interception or tampering during transmission.
💾
Data at Rest
Data at rest is protected within our hosting environment through infrastructure-level protections combined with Logentrix-managed access controls.
📉
Data Minimisation
Where possible, we minimise the collection and storage of sensitive personal data and avoid unnecessary retention.
🎯
Purpose-Limited Handling
Data is handled only in the context of delivering, maintaining, securing, and improving our services — not for unrelated purposes.
Access Control
Access Control & Authentication
🚪
Restricted Access
Access to systems, administrative functions, and customer-related data is restricted to authorised personnel with a legitimate business need.
📱
Multi-Factor Authentication
Administrative and infrastructure access is enforced with MFA to provide protection beyond passwords alone.
👤
Role-Based Access
Access is assigned according to roles and responsibilities so users receive only the permissions needed for their function.
🔑
Least Privilege Administration
Administrative privileges are limited and controlled to reduce risk from accidental or unauthorised activity.
🔍
Access Review & Revocation
Access is reviewed periodically and removed or updated when no longer required.
Detection & Response
Monitoring, Detection & Incident Response

Security requires not only preventive controls but also the ability to detect, investigate, and respond to issues effectively.

📊
Monitoring & Logging
We maintain monitoring and logging practices to support service visibility, operational oversight, and detection of suspicious or unauthorised activity.
🔎
Detection
We investigate indicators of abnormal behaviour, access anomalies, and other events that may suggest a security issue.
🚨
Incident Response
An internal incident response process covers identification, containment, investigation, remediation, and improvement based on lessons learned.
📣
Customer Notification
If a confirmed security incident affects customer data, impacted customers will be notified without undue delay, consistent with applicable obligations.
Data Lifecycle
Data Retention & Deletion

We retain data only for as long as needed to support service delivery, operations, and security objectives. Retention periods vary by plan.

🗓️
Plan-Based Retention
Log retention ranges from 1 day (Free) to 1 year (Enterprise) depending on the customer's plan. Customers can view their retention limit in the portal.
🗑️
Deletion
After the retention period, data is deleted or overwritten according to our operational practices.
📋
Customer Requests
Customers may request deletion of their data, subject to any limited retention requirements necessary for security, operational, or legal reasons.
Subprocessors
Third-Party Risk & Subprocessors

We use third-party providers selectively where they support the secure and reliable delivery of our services. Our key infrastructure subprocessor is:

🏢
Hostinger — Hosting & Infrastructure
Provides the underlying hosting infrastructure including data centres, hardware, and networking. EU data centres by default. We rely on Hostinger's infrastructure while applying our own service-level security controls on top.
💳
Stripe — Payment Processing
Handles payment processing for subscriptions. Stripe is PCI-DSS Level 1 certified. Logentrix Systems does not store or process card details directly.
Governance
Compliance & Governance

Logentrix Systems is currently in the process of pursuing ISO 27001 certification. While certification is not yet complete, we are aligning our practices with industry-recognised security principles and formalising governance across policies, procedures, and operational controls.

🏅
ISO 27001 — In Progress. We are actively working toward ISO 27001 certification and aligning our controls, policies, and procedures accordingly. We will publish this update when certification is complete.
📋
Defined Security Responsibilities
Clear ownership of security responsibilities across infrastructure, application, and operational layers.
📄
Documented Practices
Security and operational practices are documented and maintained to support consistency and auditability.
🔐
Access Control Discipline
Access control policies are enforced and reviewed as part of ongoing governance.
🚨
Incident Response Readiness
Incident response procedures are defined and maintained for rapid identification and containment of security events.
🔄
Ongoing Review & Improvement
Controls, policies, and practices are reviewed and updated as the business, services, and risk landscape evolve.
Get in Touch
Security Contact

For security-related questions, trust documentation requests, or customer security reviews, please contact our security team directly.

Security enquiries, vulnerability disclosures, and trust documentation requests
🔒 security@logentrixsystems.com
We aim to respond to security enquiries within 2 business days.