Security & Privacy at Safewill

The security of your data is our highest priority at Safewill. This document outlines some of the policies, procedures and systems in place to ensure your data is protected.

Safewill is proud to be ISO 27001 certified, demonstrating our commitment to maintaining a secure, auditable, and continuously improving information security program.

Governance Security Program

Our security practices are governed by our ISO 27001 certified Information Security Management System (ISMS). This framework provides structure around:

  • Least privilege access
  • Risk-based decision-making
  • Continuous improvement and auditing
  • Documented policies, procedures, and controls

Our internal security and privacy teams oversee monitoring, incident response, policy enforcement, and compliance.

Data Protection

Data Encryption

  • In Transit: All data is encrypted using TLS (HTTPS).
  • At Rest: Sensitive data is encrypted using industry-standard algorithms.

Password Security

We enforce strong password requirements to keep user accounts secure:

  • Minimum 8 characters
  • Must include a number or special character
  • Cannot include the user’s name or email address
  • No plain-text passwords are ever stored — all passwords are salted and hashed

We recommend using a unique password for your Safewill account and updating it periodically.

Data Retention & Backups

Safewill uses Google Cloud SQL Point-in-Time Recovery (PITR) to maintain continuous backups. This enables precise restoration in the event of data loss or corruption.

Financial Security

Payment Processing

Safewill does not store or log any credit card information.

  • Payment details are sent directly to our provider over encrypted connections.
  • Payments are processed by Stripe, a PCI-DSS Level 1 compliant service provider (the highest standard in payment security).

Product & Application Security

Secure Development

  • Code undergoes peer review and automated security checks.
  • Static (SAST) and dynamic (DAST) analyses reduce vulnerabilities early in the development lifecycle.
  • Secure coding practices follow ISO 27001-aligned standards.

Penetration Testing

Independent third-party pentests are performed annually across Safewill’s application and infrastructure. Summaries are accessible through our Trust Center on request.

Vulnerability Management

  • Continuous scanning of dependencies and libraries
  • Rapid remediation based on severity and exposure
  • Strong patching and change-management processes

Infrastructure & Operational Security

Hosting & Cloud Providers

Safewill is hosted on secure, industry-leading cloud platforms:

  • Vercel — secure hosting and deployment
  • Google Cloud Platform (GCP) — infrastructure, networking, and physical security
  • Google Cloud SQL — managed database with PITR backups

Links to their security documentation are available in our Trust Center.

Identity & Access Management

  • Strict role-based access control
  • Multi-factor authentication on all internal systems
  • Logging and monitoring of privileged access

Employee Device Security

  • All staff devices are encrypted and protected with MDM controls
  • Mandatory updates, patching, and endpoint monitoring

Vendor Risk Management

All third-party platforms undergo security assessment before onboarding and are regularly reviewed as part of our ISO 27001 vendor-management process.

Employee Security Training

All employees receive ongoing training on security, privacy, secure handling of data, and emerging threats.

Privacy & Compliance

Safewill upholds strong privacy practices aligned with applicable data-protection principles and regulatory requirements. Our ISO 27001 certification reflects our commitment to robust information governance and continuous security improvement.

All personally identifiable information (PII) is stored within a secure privacy vault managed by a trusted third-party provider, ensuring industry-standard protection and strict access controls.

We support transparency and accountability through the following measures:

  • A comprehensive Privacy Policy outlining how data is collected, stored, and used
  • A Data Processing Agreement (DPA) available for organisations
  • A transparent and regularly updated list of subprocessors
  • Ongoing internal and external audits to ensure sustained compliance

Trust & Transparency

We believe security should be visible and verifiable.

Visit the Safewill Trust Center to access:

  • ISO 27001 Certificate
  • Penetration test summaries on request
  • Subprocessor list
  • Security documents
  • System and infrastructure overviews (non-sensitive)

👉 Visit the Safewill Trust Center → https://trust.safewill.com/

Our Commitment

Protecting your information is a responsibility we take seriously.
We continuously invest in people, systems, and processes to ensure Safewill remains a secure, trustworthy platform for every family who depends on our service.

For any security questions, contact us at security@safewill.com

Safewill acknowledges all Aboriginal and Torres Strait Islander Traditional Custodians of Country and recognises their continuing connection to land, sea, culture and community. We pay our respects to Elders past and present.
Safewill is an online service providing streamlined forms and information. Safewill is not a law firm or a substitute for a lawyer’s advice about complex estate planning issues.