Where can I find your Data Processing Agreement (DPA)?
Our DPA is included as part of your contract with us. If you need a copy or a standalone version for review, just contact your Account Manager.
Are you registered with the ICO (Information Commissioner’s Office)?
Yes, our ICO registration number is ZA289036.
You can view our entry here: https://ico.org.uk/ESDWebPages/Entry/ZA289036
Are you ISO 27001 or Cyber Essentials certified?
We are not currently certified under ISO 27001 or Cyber Essentials. However, we align our internal policies and controls with ISO 27001 principles and regularly review and strengthen our information security practices.
Where is your Privacy Policy?
Our full privacy policy is available at: https://airship.co.uk/privacy-policy It explains what data we collect, how we use it, and your rights.
What’s your data retention policy?
Data retention rules are outlined in our privacy policy. We only retain personal data for as long as it’s needed to support your use of the platform.
Who are your sub-processors?
We work with a small number of trusted service providers to help us deliver our services, including infrastructure, email, and SMS delivery.
Our web hosting, email service provider and data sub-processors:
Avensys Networks Ltd, 180 Attercliffe Rd, Sheffield S4 7WZ ( https://www.avensys.net/termsandprivacy.html )
Sub 6 Ltd, Suite 3E, Ribble House, Meanygate, Bamber Bridge, Preston PR5 6UP ( https://www.clook.net/wp-content/uploads/2020/08/Privacy-Policy.pdf )
Amazon Web Services ( https://aws.amazon.com/compliance/gdpr-center/)
SingleStore UK Ltd, 100 New Bridge Street, EC4V 6JA, London ( https://www.singlestore.com/eu-uk-privacy-notice/ )
MessageBird B.V., Postbus 14674, 1001 LD, Amsterdam, The Netherlands ( https://bird.com/en-gb/policies/legal/dpa )
DataCamp Limited t/as CDN77, 9 Coldbath Square, London, UK ( https://www.cdn77.com/terms-and-conditions )
Twilio ( https://www.twilio.com/en-us/legal/privacy )
Commify UK Limited trading as Esendex ( https://www.esendex.co.uk/privacy-policy/ )
Airship also uses the following third party software within the platform to provide service:
Unlayer Inc., 2261 Market Street STE 4667, San Francisco, CA 94114 ( https://unlayer.com/privacy )
Better Stack ( https://betterstack.com/dpa )
Airbrake Technologies, Inc ( https://www.airbrake.io/privacy )
How can data subjects exercise their rights under the GDPR?
Your customers can access, manage, or delete their data using our Data Preferences Centre.
More info here: https://academy.airship.co.uk/en/articles/1947189-introducing-the-airship-data-preferences-centre
Do you perform vulnerability scanning or security testing?
Yes, we perform regular security scans to identify and fix potential vulnerabilities in our platform. This includes:
Weekly vulnerability scans on systems that store or process customer data
Cloud posture management – detects risks in our cloud infrastructure
Open source dependency scanning – checks for vulnerabilities, malware, and unsupported libraries
Secrets detection – scans our code for exposed API keys, passwords, or certificates
Static code analysis – reviews our source code for security issues and known CVEs
Infrastructure as Code scanning – checks Terraform configs for misconfigurations
Dynamic Application Security Testing (DAST) – simulates attacks on our live web app to detect vulnerabilities
Malware detection in dependencies – protects against supply chain risks
Outdated software detection – flags use of end-of-life libraries, runtimes, and frameworks
Any issues identified are prioritised and remediated promptly. This is a key part of how we keep your data safe and our systems resilient.
Need something else?
We’re happy to help with supplier questionnaires, due diligence forms, or anything else you need for internal sign-off. Just drop us a message via Intercom or contact your Account Manager.