Compliance matrix

Certifications and regulatory status for EchoDepth deployment.

ISO 9001 Certified Infrastructure

EchoDepth runs on ISO 9001:2015 certified infrastructure. Quality management systems cover development, deployment, and operational processes.

Status: Active

Cyber Essentials

UK Government-backed certification for cyber security baseline. Covers firewalls, secure configuration, access control, malware protection, and patch management.

Status: Certified

FCA Regulatory Sandbox

Participant in the FCA's regulatory innovation programme. EchoDepth has been tested within the FCA's controlled environment for financial services innovation.

Status: Participant

ICO Registration

Registered with the UK Information Commissioner's Office for data protection compliance.

Registration: ZB915633

UK GDPR Compliance

Full compliance with UK General Data Protection Regulation. Privacy by design architecture. Data Processing Agreements available for all deployments.

Status: Compliant

Article 22 UK GDPR

EchoDepth outputs are advisory signals for human review. All deployment contracts explicitly prohibit automated decisions producing legal or similarly significant effects.

Status: Enforced

Data Architecture

No biometric data stored. No exceptions.

EchoDepth processes video and audio in memory. Raw media is never stored. Only structured output data (VAD scores, AU activations, vulnerability flags) is retained.

  • Video frames processed in memory, discarded after analysis
  • Audio streams analysed in real-time, no recordings retained
  • Only structured scores and flags are output
  • No facial recognition or identity matching
  • No biometric templates created or stored
  • Data residency options: UK, EU, or on-premises

Security Architecture

Built for regulated environments.

EchoDepth's security architecture is designed for deployment in FCA-regulated financial services firms.

Encryption in Transit

TLS 1.3 for all API communications. HSTS enforced.

Encryption at Rest

AES-256 encryption for all persisted data.

Access Control

Role-based access control. API key authentication. Audit logging.

Edge Deployment

On-premises option for organisations where data cannot leave the network.

Security contact

Report security vulnerabilities or request security documentation.

Email: security@cavefish.ai

See also: security.txt