Security & data protection
Security & Data Protection
PPWR Copilot is built by a UK company (PPWR Copilot Ltd · Company No. 16636719 · ICO Registered ZB974172). Here is a high-level summary of how your data is protected — and how to request our full security pack.
Encryption & access
Connections are served over HTTPS (TLS 1.2+) and data is encrypted in transit and at rest, with HTTP security headers applied. Sign-in is passwordless by default — a single-use, time-limited magic link — with server-side sessions and HttpOnly, Secure cookies; any password you set is stored only as a bcrypt hash, never in plain text.
What we store — and don’t
We store your account details, the packaging data you enter, and the documentation prepared for your account. We do not store payment-card data — payments are handled entirely by Stripe. Your packaging and account data is never used for model training, marketing, or any other secondary purpose.
Data deletion
You can request deletion of your data at any time by emailing sean@ppwrcopilot.com. Deletion requests are handled within 30 days.
Data Processing Agreement & sub-processors
We rely on a small, vetted set of sub-processors under appropriate data-processing terms. A Data Processing Agreement, current sub-processor register and deletion-process summary are available on request for enterprise and regulated-industry customers.
Honest about our stage
We are an early-stage platform. SOC 2 Type II and ISO 27001 certification, multi-factor authentication and formal penetration testing are on our roadmap but not yet in place — we would rather tell you that than imply otherwise.
Security-pack & DPA requests: Sean Kirkwood, Founder — sean@ppwrcopilot.com