Security & compliance you can trust

Resource Guru is SOC 2 Type II compliant and GDPR compliant. Your data is protected by independently audited controls, strong encryption, and strict operational safeguards — so your teams can plan with confidence.

Security isn’t a feature for us. It’s foundational. Resource Guru undergoes independent security testing, maintains audited controls under SOC 2 Type II, and operates in line with UK and EU GDPR requirements.

✓ SOC 2 Type II compliant
✓ GDPR compliant
✓ Annual independent penetration testing
✓ Weekly third-party vulnerability scanning
✓ WAF (Web Application Firewall) protecting public endpoints
✓ Encryption in transit and at rest
✓ Strict access controls and least-privilege policies
✓ Reliable encrypted backups with point-in-time recovery

Visit our Trust Center to access our security, compliance, and privacy documentation, including publicly available reports and policies, with additional materials available upon request under NDA.

SOC 2 Type II compliant

Resource Guru has achieved SOC 2 Type II compliance, verified through independent audit. This means our security controls have been independently audited to verify their effectiveness over an extended period — not just reviewed at a single point in time.

The audit covers key areas including access management, monitoring, change management, availability, confidentiality, and incident response.

Visit our Trust Center to access our SOC 3 report or request our SOC 2 Type II report under NDA.

Privacy & GDPR compliance

Resource Guru complies with EU and UK GDPR. We’re committed to protecting your privacy and supporting your data protection obligations.

When processing customer data, we primarily act as a data processor and maintain appropriate technical and organisational measures as required by law.

In practice, this means we:

  • Process personal data lawfully, fairly, and transparently
  • Implement strong technical and organisational safeguards
  • Minimize data collection to what’s necessary
  • Support customer rights and regulatory requirements

Resource Guru is registered with the UK Information Commissioner’s Office (ICO) as a data controller (Registration number: Z3001946).

For full details on how we handle personal data as a controller, please see our Privacy Policy.

Infrastructure & hosting

Resource Guru is hosted on Google Cloud Platform, providing a highly secure, reliable, and resilient environment.

Infrastructure benefits include:

  • Enterprise-grade availability with automatic scaling and restart
  • Certifications including ISO 27001, SOC 1, SOC 2, and SOC 3
  • Multiple availability zones for resilience
  • Historical uptime exceeding 99.99% (see independent Pingdom report)

Encryption & data protection

  • All website traffic is encrypted using TLS 1.2 and above
  • Passwords are securely hashed and salted using strong cryptographic algorithms
  • Data at rest is encrypted by default
  • Backups are stored on encrypted, redundant storage across multiple availability zones
  • Point-in-time recovery is available throughout the day

Access control & permissions

We give customers control over who can access their data.

  • Granular role-based permissions within Resource Guru
  • SSO-only (single sign-on) mode for centralized identity management
  • When users are deprovisioned in your identity provider (IdP), access to Resource Guru is automatically revoked
  • Principle of least privilege enforced internally

Personnel cannot log into customer accounts via any user interface. If access is ever required for troubleshooting, we request explicit customer consent first.

Monitoring & security testing

We operate multiple overlapping layers of detection, prevention, and verification:

  • Annual independent penetration testing
  • Weekly automated vulnerability scans using an independent third-party tool
  • Continuous dependency monitoring for newly disclosed vulnerabilities
  • Google Cloud Armor WAF (Web Application Firewall) protecting public-facing endpoints from common attacks including XSS, SQL injection, LFI, RFI, and known CVE exploit patterns
  • Bug bounty program for responsible vulnerability disclosure

These controls form part of our broader security program validated under our SOC 2 Type II certification. Access our penetration test attestation in our Trust Center, or request the full penetration test report under NDA.

Operational security

  • Rigorous code review process
  • Logged code changes and deployments
  • Live application monitoring for anomalous behaviour
  • Continuous application and dependency security analysis
  • Systems kept up to date with the latest security patches

Any new vulnerability disclosed in any dependency is treated with the highest priority.

Customer data accessed by authorized personnel (when required for contractual obligations) is transferred securely and stored on encrypted devices.

Incident response

If we suspect a data breach, affected customers will be notified without undue delay, including details of impact, mitigation steps, and remediation actions.

Architecture

Resource Guru uses a secure multi-tenant architecture. All data access is strictly scoped to the authenticated user’s customer account.

Credit card details are handled exclusively by PCI-compliant payment partners. We never store or process card data ourselves.

Insurance

Resource Guru maintains:

  • Professional Indemnity – £1,000,000
  • Public & Products Liability – £1,000,000
  • Employers’ Liability – £10,000,000
  • Cyber & Data – £1,000,000
  • Management Liability – Directors & Officers – £1,000,000
  • Management Liability – Corporate Legal Liability – £1,000,000
  • Management Liability – Employment Practices Liability – £1,000,000
  • Crisis Containment – £25,000

Contact us

For any security-related enquiries, please contact the team.

© Resource Guru 2026. All rights reserved.