Security & confidentiality

Account security

Secure browsing & application data protection
The NUMARQE application uses industry-standard encryption methods to protect data at rest and in motion. This is achieved in transit using HTTPS AES-256 or better, where data transmission happens between customer browsers and our application and APIs. We use Amazon's RDS and S3 services to store application data. All data stored AES-256 (or better) encrypted, as are our automated backups, read replicas, and snapshots. The transmission with RDS and S3 uses Transport Layer Security (TLS) v1.2.
Data access
NUMARQE isolates our database instances in our virtual private network. Extremely limited access is granted by using industry-standard encrypted IPSec VPN for maintenance purposes only.
Automatic session expiry
After a period of inactivity or time, user sessions are expired to prevent unsanctioned access to a user's account.

Account authentication

Identification and password
NUMARQE encourages and enforces strong password requirements and supports additional factors via mobile biometric authentication such as Face ID and Touch ID.
Identify verification
As users onboard and accounts are created, all users, by default, are required to set up an additional factor for authentication. Knowing a user's password is not enough, and an additional factor will be presented. All sensitive user action amendments to the platform and account require users to re-authenticate to confirm the intended user is performing the correct action.
Device verification
One-time authorisation challenges for registering new devices approved for authenticating users to the platform.

Data centre

Physical security
NUMARQE uses Amazon’s AWS services for hosting our platform application data and business logic. Additionally, Vercel is used to host and serve our static frontends, which also uses AWS. No data used to operate our platform is stored at Vercel. For more information: AWS Compliance
Onsite security
Our cloud service providers implement layered physical security controls to ensure on-site security, including vetted security guards, fencing, video monitoring, intrusion detection technology, and more. For more information: AWS Physical Security

Recovery and availability

Availability and continuity
NUMAQRE is deployed on public cloud infrastructure. Services are deployed to multiple zones for availability and are configured to scale dynamically in response to measured and expected load. Our continuous integration processes incorporate simulated load tests and API response time tests. 
Disaster recovery
In the event of a significant outage, NUMARQE has the ability to deploy a new instance of the application to a new hosting environment in a different region. Our Disaster Recovery plan ensures the availability of services and ease of recovery during such a disaster. This plan and its processes are tested and reviewed regularly as we evolve and continuously improve.

Application security

Environment segregation
Development, staging and production environments are separated. No customer data is used in any non-production environment and is highly restricted.
Code quality controls
Our quality controls are baked into our continuous integration processes, review and test the code base. We analyse code for uniformity, library use, optimisation techniques and known security issues, and developers peer review all code before it is merged into master branches to ensure that it is fit for purpose.

Privacy and third-parties

Data Privacy
Protecting customer privacy is key to our philosophy and success. We fully manage where and how we store customer data and do not include customer data in any system or environment other than our production services. The NUMARQE privacy policy, which describes how we handle data, can be found here
Trusted Vendors, Third-Party Security
There are risks associated with improper vendor management. We evaluate and onboard all our vendors. We take steps to evaluate their information security standards and make sure they comply with the standards we upheld ourselves by or better. NUMARQE works with PCI DSS-certified partners to safeguard your payment information to provide you with the best level of service. We re-assess all vendors on an ongoing basis and generally have a relationship with them. 
2024 Numarqe Limited, All rights reserved. Numarqe Limited is registered under company registration number 12587141, 47 Red Lion Street, London, England, WC1R 4PF. Numarqe Capital Limited is registered under company registration number 13726764, 47 Red Lion Street, London, England, WC1R 4PF.
Opens LinkedIn