Security and compliance are our foundation

Designed from the ground up to safeguard your data, REGREP adheres to the industry’s highest standards of security and privacy.

Security by design

REGREP is designed as a regulatory reporting platform where security, resilience, and data protection are embedded at the architectural level. Our approach recognises that regulated institutions require not only functional capabilities, but also confidence that systems supporting regulatory reporting are built and operated with appropriate safeguards.

Security controls are applied proportionately, based on risk, data sensitivity, and operational context, and are continuously reviewed as our platform and services evolve.

REGREP provides technical and organisational measures to support secure operation of the platform. Responsibility for governance, regulatory compliance, and supervisory accountability remains with the customer, as described in our Legal and Regulatory Disclaimer.

World-class security and privacy standards

We combine strict access controls, continuous monitoring, and end-to-end encryption to protect every step of your regulatory reporting workflow. Sensitive data stays isolated, audited, and fully traceable – never exposed, never shared.

Data centers

All data is hosted in Amazon Web Services (AWS) data centers, protected by enterprise-grade physical, network, and environmental security controls.

Encryption

Data is secured using strong encryption in transit (TLS) and at rest (AES-256). Personally identifiable information receives an added layer of application-level encryption for enhanced protection.

Uptime

Built on a fault-tolerant architecture, our platform stays available and responsive—even during extreme traffic or regulatory reporting surges.

Layered Security Architecture

Isolated networks, full access logging, and unique credentials form our defense-in-depth approach.

Cybersecurity Hardening Program

Continuous hardening, annual pen tests, weekly scans, and attack-surface monitoring keep threats contained before they impact your environment.

Data residency

Choose to store data in Amazon Web Services (AWS) data centers in the EU, US, and/or APAC regions, with enterprise-grade physical and network security.

Data protection and privacy

REGREP processes personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

Depending on the context:

  • REGREP acts as a data controller for website and business relationship data.

  • REGREP acts as a data processor when processing personal data on behalf of customers within the platform.

Processing as a processor is governed by REGREP’s Data Processing Agreement (DPA). Further information is available on the GDPR & Data Protection page.

REGREP does not access or use customer data beyond what is necessary to provide the Services and to meet contractual and legal obligations.

Operational security and access controls

Access to REGREP systems is restricted based on role and operational need. Authentication, authorisation, and logging controls are used to help prevent unauthorised access and to support traceability.

Operational procedures are designed to limit access to customer data and to ensure that access is granted only where necessary for service delivery, maintenance, or support.

Incident and vulnerability management

REGREP maintains processes for identifying, assessing, and responding to security incidents and vulnerabilities in a structured manner.

Bug bounty and vulnerability disclosure

REGREP maintains a vulnerability disclosure program covering approved asset scopes.

Security researchers and other parties may report potential vulnerabilities by contacting:

security@regrep.eu

By submitting a security bug or vulnerability, you agree that:

  • Reports are made responsibly and in good faith

  • Findings will not be publicly or privately disclosed without REGREP’s prior written approval

  • REGREP will assess and respond to reported issues in line with its internal security processes

Shared responsibility

Security within REGREP follows a shared responsibility model.

REGREP is responsible for securing the platform and underlying infrastructure within its control. Customers remain responsible for:

  • User access management

  • Data accuracy and governance

  • Regulatory decision-making and compliance

  • Configuration and use of the Services in line with their internal policies

Relationship to legal and regulatory documentation

This Security page should be read together with REGREP’s:

Nothing on this page should be interpreted as a guarantee of regulatory compliance, supervisory acceptance, or specific security outcomes.

Contact

For security-related enquiries or vulnerability disclosures, please contact:

security@regrep.eu