A single hub to secure your company's information: who can access what, how it's encrypted, how you stop it leaking by mistake. Practical, tailored to your stack, no needless bureaucracy.
Quick self-qualification: do you recognise yourself in one of these?
Data scattered across shared Drives, email and a dozen tools: nobody really knows who accesses what. We bring order.
You're preparing ISO 27001 or GDPR and need real controls over access, encryption and data handling.
See ISO 27001You process client or user data and must show you protect it: classification, access control and leak prevention.
See GDPRData protection here means protecting your company's information across its whole lifecycle: knowing what data you hold and how sensitive it is, controlling who can access it, encrypting it at rest and in transit, and stopping it from leaking by mistake or attack.
It isn't a single product: it's a coordinated set of controls over people, data and the tools you already use (Google Workspace or Microsoft 365, password manager, cloud storage). We put them in place pragmatically, starting from the real risks.
The pillars we work on. Some have a dedicated page.
Centralised identity, SSO/MFA, least privilege and periodic access reviews. Clean onboarding and offboarding.
Workspace & IdentityRules to stop sensitive data leaving via email, sharing or unauthorised downloads.
Encrypting data at rest and in transit, key and secret management, encrypted disks on devices.
We label data by sensitivity (public, internal, confidential) so protection rules follow the data.
Hardening Google Workspace or Microsoft 365: sharing, permissions, retention, log auditing.
Learn moreCompany password manager: team vaults, secure sharing, no more passwords in spreadsheets.
A staged method. AI speeds up the repetitive part (inventory, first-pass analysis, policy drafts); people do the analysis and validate. Your data stays protected: it's our day job.
We map existing data, tools and access.
We label data and surface the priority risks.
Access, DLP, encryption and governance tailored to your stack.
We configure Workspace/M365 and 1Password.
We check the rules work and keep an eye on access.
Data protection is partly a project (initial setup: classification, DLP rules, hardening) and partly ongoing management (access reviews, rule maintenance, monitoring).
For setup we give a 'from' price pinned down after the initial assessment; the managed part is a subscription, sized on number of users and complexity. See the pricing page for the ranges.
No. GDPR is a regulation on personal data protection; the data protection we mean here is the set of technical and organisational controls (access, DLP, encryption, classification) that protect data. These controls also help you comply with GDPR, but they don't cover all of it.
Yes. We work on the stack you already use: Google Workspace or Microsoft 365, 1Password, your cloud storage, without forcing you to replace everything. Where useful, we suggest targeted additions.
It's labelling data by sensitivity (public, internal, confidential). It matters because protection rules (who accesses, what can leave, how it's encrypted) can then automatically follow the data's level, instead of treating everything the same way.
A well-configured DLP protects without getting in the way: rules target real risk (sensitive data leaving where it shouldn't), not day-to-day work. We tune it together starting from your workflows.
Yes. Removing hidden metadata in files (author, revisions, GPS) is a dedicated service. It's useful before sharing documents externally, but it's a different thing from GDPR anonymisation.
Removing hidden metadata from documents before sharing them externally. A dedicated service.
Learn moreHardening of Google Workspace/M365, IAM, SSO/MFA and 1Password. The heart of access management.
Learn moreWhat GDPR requires and how data protection contributes to compliance. Informational.
Read the guideTell us your need: we map access and sensitive data and tell you where to start, honestly.