Shout is a privacy-first platform where data protection and security are engineered into all of our tools. We're compliant with the GDPR, UK-GDPR, CCPA, and other international data protection regulations.
General Data Protection Regulation compliance for EU and international data subjects.
UK General Data Protection Regulation compliance post-Brexit.
California Consumer Privacy Act compliance for California residents.
Our production server is hosted in the UK. All development and support is conducted from the UK. Encrypted backups are stored in Microsoft Azure with geo-redundancy.
All data is protected with strong encryption standards, both in transit and at rest.
Multiple layers of network protection sit between the internet and your data.
We ensure your data is always available and recoverable.
We operate a zero-trust security framework, which requires all users to be authenticated, authorised, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.
TOTP-based 2FA enforced on all devices and servers
Google Workspace SSO with Cloudflare Access for admin areas
Conditional access with minimal permissions for all users
Centrally managed devices with endpoint detection and compliance monitoring
All development is done on hardened Linux machines with full disk encryption, centrally managed policies, and endpoint detection.
All code changes go through automated build and deployment pipelines. No manual deployments to production.
Every change is peer reviewed before it reaches production. All work is tracked in version control with a full audit trail.
Group contacts by lawful basis for processing their data.
Collect and record explicit consent directly to contact profiles.
Separate personal data from response data for maximum compliance.
Automatically purge PII from reports when deleting contacts.
Have questions about our security or compliance measures? Our team is here to help.
help@shout.com