Security & Compliance

Shout is a privacy-first platform where data protection and security are engineered into all of our tools. We're compliant with the GDPR, UK-GDPR, CCPA, and other international data protection regulations.

Compliance Standards We Meet

GDPR

General Data Protection Regulation compliance for EU and international data subjects.

UK-GDPR

UK General Data Protection Regulation compliance post-Brexit.

CCPA

California Consumer Privacy Act compliance for California residents.

Core Security Infrastructure

UK Data Centres

All development and support is conducted from the UK. All data centres meet industry standards for information management systems and physical security.

  • ISO 27001:2013 certified
  • 24/7 security monitoring
  • CCTV and access controls

Encryption

All data is protected with industry-leading encryption standards.

  • TLS 1.2+ in transit
  • AES 128+ at rest
  • Perfect Forward Secrecy

Network Security

Multiple layers of network protection.

  • Next-Gen firewalls
  • DDoS protection
  • Web Application Firewall

Business Continuity

We ensure your data is always available.

  • Geographic redundancy
  • Hot-standby servers
  • Encrypted backups

Zero-Trust Security Framework

We've worked with a zero-trust security framework since 2001. It requires all users to be authenticated, authorised, and continuously validated for security configuration and posture before they are granted, or allowed to keep, access to applications and data.

Hardware Security Keys

FIDO2 hardware keys for critical systems

Biometric Authentication

Windows Hello and 2FA

Single Sign-On (SSO)

2-factor protected for all staff

Least Privilege

Minimal access levels for all users

Built-In Compliance Features

Compliance Groups

Group contacts by lawful basis for processing their data.

Record Consent

Collect and record explicit consent directly to contact profiles.

Pseudonymize PII

Separate personal data from response data for maximum compliance.

DPO Information

Enter your Data Protection Officer's contact information.

Data Processing Agreement

Sign a DPA with us for your compliance records.

Right to Deletion

Automatically purge PII from reports when deleting contacts.
