Our Security Policy

Our Security Policy governs our approach and commitments to information security.

Last updated: May 01, 2025.

Security Policy

Our users trust us to keep their data secure, private, and available. We take that responsibility seriously.

Data Protection

Our Security System. We employ continuous monitoring for potential vulnerabilities and attack; and we continuously review and update our tools and technology to stay on top of the latest security developments.

In Transit. GNC Go uses 256-bit SSL/HTTPS secure channels for bank-standard encryption on all of your data transmissions to and from our servers.

At Rest. We use secure servers based in the UK and EU (and, optionally, other locations) to host all GNC Go data, and make extensive use of their built-in firewalls to protect your data against unauthorised remote access. Our data centres are leaders in the field of info-security and employ multi-layer security models deploying a variety of technological, human and physical measures to protect your data.

Your Data is Protected

Protection. We will take reasonable steps to keep your personal information safe from loss, unauthorised activity or other misuse.

Private by Default. Everything you put into GNC Go is private by default. We never look at it, analyse it, share it, use it to target ads, data-mine it, etc., unless you specifically ask us to do one of these things.

Vendors and Partners. We use carefully selected third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology needed to run the application.

Sharing-Features. Any features in GNC Go which allow you to share information with others, are totally optional. Whether or not you use them is up to you, and you can turn off access whenever you want.

Storage. Everything you put into GNC Go is stored in our secure data-centres. In addition, we take many precautions to protect your data from accidental loss and theft.

Backup and Recovery. Your primary-server data is automatically copied to a backup-server on a daily basis. Our back-up servers are in a geographically separate location within the EU.

Encryption. Communication between our clients and our servers, and between our primary and backup servers, is encrypted via industry-standard SSL. Your password is stored with one-way encryption on our servers and no one at GNC Space can retrieve it or will ever ask you for it.

Your Data is Not Locked-In

Data Export. We are committed to making it easy for you to get all of your data into, and out of, the system at any time. For security reasons, there is no ‘Export all’ button. We will provide full exports (to Your nominated System Administrator or Nominated Representative) on request, in human- and machine-readable formats.

Account Information

Log in. We verify account access through Username and Password authentication.

New-User Requests. Your System Administrator authorises new users through a new-user request, and by providing one associated email address for each new-user.

Temporary-Passwords. New-users receive a temporary-password by email. This temporary-password can only be used to access a ‘Create New Password’ form, which requires the user to create their own (private) system password.

Your Responsibility. Account access rights are tied to email addresses and You must ensure that Your nominated email accounts are properly controlled. You are responsible for all activity that occurs via Your account(s). You (user admin) can remove a user’s access at any time through the user admin controls, and it is Your responsibility to do so when appropriate.

Passwords. Your private passwords are salted, hashed, and stored with 256-bit encryption.

Two Factor Authentication. (2FA) is available for all accounts and is (optionally) Admin-enforceable.

Admin Controls

User Roles and Access Controls. We provide a variety of roles and access privileges for administrators and other users.

User Admin. User admin has access to the main user-account controls and manages all other admin- and user- permissions for the system.

Sharing. Where functionality allows, the admins may also choose (entirely at their own discretion) to allow sharing outside of your organisation (e.g., with authorised clients, vendors, etc.) or to restrict information access to only employees within your organisation.