Skip to main content

Security & Privacy FAQs

Here are answers to some of the most common security and privacy questions we receive

Oskar Smith avatar
Written by Oskar Smith
Updated this week

Where can I find your Data Processing Agreement (DPA)?

Our DPA is included as part of your contract with us. If you need a copy or a standalone version for review, just contact your Account Manager.

Are you registered with the ICO (Information Commissioner’s Office)?

Yes, our ICO registration number is ZA289036.

Are you ISO 27001 or Cyber Essentials certified?

We are not currently certified under ISO 27001 or Cyber Essentials. However, we align our internal policies and controls with ISO 27001 principles and regularly review and strengthen our information security practices.

Where is your Privacy Policy?

Our full privacy policy is available at: https://airship.co.uk/privacy-policy It explains what data we collect, how we use it, and your rights.

What’s your data retention policy?

Data retention rules are outlined in our privacy policy. We only retain personal data for as long as it’s needed to support your use of the platform.

Who are your sub-processors?

We work with a small number of trusted service providers to help us deliver our services, including infrastructure, email, and SMS delivery.

Our web hosting, email service provider and data sub-processors:

Airship also uses the following third party software within the platform to provide service:

How can data subjects exercise their rights under the GDPR?

Your customers can access, manage, or delete their data using our Data Preferences Centre.

Do you perform vulnerability scanning or security testing?

Yes, we perform regular security scans to identify and fix potential vulnerabilities in our platform. This includes:

  • Weekly vulnerability scans on systems that store or process customer data

  • Cloud posture management – detects risks in our cloud infrastructure

  • Open source dependency scanning – checks for vulnerabilities, malware, and unsupported libraries

  • Secrets detection – scans our code for exposed API keys, passwords, or certificates

  • Static code analysis – reviews our source code for security issues and known CVEs

  • Infrastructure as Code scanning – checks Terraform configs for misconfigurations

  • Dynamic Application Security Testing (DAST) – simulates attacks on our live web app to detect vulnerabilities

  • Malware detection in dependencies – protects against supply chain risks

  • Outdated software detection – flags use of end-of-life libraries, runtimes, and frameworks

Any issues identified are prioritised and remediated promptly. This is a key part of how we keep your data safe and our systems resilient.

Need something else?

We’re happy to help with supplier questionnaires, due diligence forms, or anything else you need for internal sign-off. Just drop us a message via Intercom or contact your Account Manager.

Did this answer your question?