1. Our Commitment to Security
At Outwizar, security is built into how we design and operate our service. We understand that you trust us with your personal information, style preferences, and subscription details, and we apply industry-standard practices to keep that data protected.
2. Data Encryption
- Encryption in transit: all data transmitted between your device and our servers is encrypted using modern TLS.
- Encryption at rest: sensitive data stored in our databases is encrypted using industry-standard algorithms (AES-class).
- Payment data: billing and payment-card data is handled by Apple and Google — it does not flow through Outwizar servers.
3. Infrastructure Security
- Cloud platform: we run on reputable cloud infrastructure that operates under recognised security certifications.
- Network security: firewalls and intrusion-detection controls monitor traffic into our systems.
- DDoS protection: edge-level protection helps keep the service available under attack.
- Backups: automated, encrypted backups are taken regularly and stored in separate locations for resilience.
4. Access Controls
- Role-Based Access Control (RBAC): staff only have access to the data necessary for their role.
- Multi-Factor Authentication (MFA): internal systems require MFA for access.
- Privileged access management: access to sensitive systems is logged and reviewed.
- Least privilege: we grant the minimum level of access required for each task.
5. Application Security
- Secure development: security is considered throughout the development lifecycle.
- Code review: code changes are peer-reviewed with security in mind before they land.
- Automated testing: static and dynamic security testing runs in our CI pipelines.
- Dependency scanning: third-party libraries are regularly scanned for known vulnerabilities.
See our Application Security page for more detail.
6. Monitoring and Incident Response
- Logging & alerting: centralised log management helps us identify and respond to potential threats.
- Incident response plan: we maintain documented procedures for handling security incidents.
- Breach notification: in the unlikely event of a data breach, we will notify affected users and the ICO in line with UK GDPR requirements.
7. Compliance
- UK GDPR & Data Protection Act 2018: we operate in line with UK data-protection law (see our Privacy Policy).
- Payment card data: payment processing is handled by PCI-DSS compliant providers (Apple / Google).
Independent certifications (such as ISO 27001 or SOC 2) are not claimed unless explicitly listed here.
8. People & Training
- Background checks: employees with access to user data undergo background verification.
- Security training: regular security awareness training is mandatory.
- Confidentiality: all employees sign confidentiality and data-protection agreements.
9. Your Account Security
- Password requirements: strong passwords are required where email / password sign-in is used.
- Sign in with Apple / Google: supported and recommended for most users.
- Session management: sessions time out and can be invalidated remotely.
- Login notifications: alerts when your account is accessed from a new device (where applicable).
10. Contact Us
- Security team: [email protected]
- Vulnerability reports: please follow our Responsible Disclosure Policy.