Security Statement
How we operate the security of this website and our engagements.
Our security posture
AnInnovation Ltd. delivers technical work for regulated sectors. We hold ourselves to standards consistent with our clients' security requirements.
This website
aninnovation.co.uk is a static marketing site hosted on Vercel's edge network. Controls in place:
- TLS 1.3 with strong cipher suites; HTTP requests redirect to HTTPS
- HTTP Strict Transport Security (HSTS) with preload
- Security headers:
X-Content-Type-Options,X-Frame-Options,Referrer-Policy,Permissions-Policy - No client-side analytics, tracking, or third-party JavaScript
- Contact form submissions validated server-side and protected by an origin allowlist
Data handling
The site does not store contact form data on its own infrastructure. Submissions are delivered as email and processed as ordinary correspondence. We do not maintain a customer database, CRM, or analytics warehouse on this domain.
SC clearance and engagement security
Lead consultants assigned to government engagements maintain active SC clearance subject to regular review. Engagement-level controls — approved networks, hardware, document handling, secure communications — are agreed with each client and embedded into delivery.
Vulnerability disclosure
If you have identified a security issue with this website or our infrastructure, please contact:
We acknowledge legitimate reports within 72 hours and aim to respond substantively within 30 days. We do not currently operate a bug bounty programme.
For coordinated disclosure metadata, see /.well-known/security.txt.
Compliance
We work in regulated environments (UK Public Sector, Banking) and align to UK GDPR, the Data Protection Act 2018, and sector-specific guidance where applicable. Specific certifications and audit reports relevant to client engagements are shared on request and under NDA.