Trust & Compliance
Security by design
EchoDepth is built for regulated financial services. Security, privacy, and compliance are architectural requirements — not afterthoughts.
Compliance matrix
Certifications and regulatory status for EchoDepth deployment.
ISO 9001 Certified Infrastructure
EchoDepth runs on ISO 9001:2015 certified infrastructure. Quality management systems cover development, deployment, and operational processes.
Status: Active
Cyber Essentials
UK Government-backed baseline cyber security certification. Covers firewalls, secure configuration, access control, malware protection, and patch management.
Status: Certified
FCA Regulatory Sandbox
Participant in the FCA's regulatory innovation programme. EchoDepth has been tested within the FCA's controlled environment for financial services innovation.
Status: Participant
ICO Registration
Registered with the UK Information Commissioner's Office for data protection compliance.
Registration: ZB915633
UK GDPR Compliance
Full compliance with UK General Data Protection Regulation. Privacy by design architecture. Data Processing Agreements available for all deployments.
Status: Compliant
Article 22 UK GDPR
EchoDepth outputs are advisory signals for human review. All deployment contracts explicitly prohibit automated decisions producing legal or similarly significant effects.
Status: Enforced
Data Architecture
No biometric data stored. No exceptions.
EchoDepth processes video and audio in memory. Raw media is never stored. Only structured output data (VAD scores, AU activations, vulnerability flags) is retained.
- Video frames processed in memory, discarded after analysis
- Audio streams analysed in real time, no recordings retained
- Only structured scores and flags are output
- No facial recognition or identity matching
- No biometric templates created or stored
- Data residency options: UK, EU, or on-premises
Security Architecture
Built for regulated environments.
EchoDepth's security architecture is designed for deployment in FCA-regulated financial services firms.
TLS 1.3 for all API communications. HSTS enforced.
AES-256 encryption for all persisted data.
Role-based access control. API key authentication. Audit logging.
On-premises option for organisations where data cannot leave the network.
Compliance documentation
Available documentation for security review and procurement.
Data Protection Impact Assessment
DPIA documenting data processing activities, risks, and mitigations for EchoDepth deployment.
Legitimate Interest Assessment
LIA documenting the legitimate interest basis for processing under UK GDPR Article 6(1)(f).
Privacy Policy
Full privacy policy covering data collection, processing, retention, and rights.
Need additional documentation for security review? Contact us for Data Processing Agreements, penetration testing reports, and vendor assessment questionnaires.
Security contact
Report security vulnerabilities or request security documentation.
Email: security@cavefish.ai
See also: security.txt