Secure by Design

When coding IMPROVE, every line has been written with data security in mind. We also review and externally test our software frequently to stay one step ahead of changing threats.

We’re continuously improving our internal processes and security measures to ensure complete platform assurance, and we actively pursue certification to national and global best practice security standards. We are both Cyber Essentials and IASME GDPR Certified.

Additionally, everyone who works at IMPROVE has been security vetted in accordance to their job role. We make sure there are robust process and controls in place which restrict the access of your data.


We regularly review how we can most securely store your data. We protect it in three key dimensions...

What we’re storing

We store only necessary information, as collected by you. Individual logins mean that your team members can keep their details accurate and up to date, ensuring that you meet your legal obligations as an employer.

How we’re storing it

We encrypt your data both at rest and in transit, and our site and storage processes are architected for security. All traffic between IMPROVE and the user’s browser is encrypted in transit. We support TLS exclusively and only utilising strong cipher suites.

Who can access it

We have extensive internal access controls and regulations here at IMPROVE. All employees have access to data under limited conditions. Within our software you can set user roles for all employees to restrict access to materials and data content.

We follow the principles of the General Data Protection Regulation of May 2018. We have a designated Data Protection Officer, and accountability and privacy are principles that are designed into both our software and policies.

Our core compliance with the act means we...

Have full awareness of where any of your data is being held & when outside the EU, ensuring appropriate compliance is in place.

Ensure that only those who require access to your data are able to & we have the highest level of protection against unauthorised access.

Ensure you have the right to view, amend, export or delete any information that we hold on your behalf, including anything held by 3rd party services.

Ensure that consent is given during the sign-up process for all that use IMPROVE and allowing you to withdraw this at anytime.

Further information can be found in our Privacy Policy, EULA and Terms of Service Our Data Protection Officer is on hand should you have any concerns or issues, they can be contacted at

Frequently asked questions.


PCI DSS Compliant
IASME Consortium
Cyber Essentials