Security & Data Protection

• All data encrypted in transit using TLS 1.2+
• All data encrypted at rest using AES-256
• Tenant data is fully isolated — no tenant can access another's records
• Records are append-only — compliance data cannot be silently altered or deleted

• Secure login with JWT-based authentication
• Two-factor authentication available for all accounts
• Role-based access control — operators, managers, and administrators have different permission levels
• Active session management — view and revoke sessions from your account

• Hosted on enterprise cloud infrastructure in the EU (Ireland)
• Automated daily backups with point-in-time recovery
• Managed infrastructure with their own security programmes and certifications

• Your data belongs to you
• Export your records at any time in PDF or Excel format
• Data hosted in the EU and processed in accordance with UK GDPR
• Data retention and deletion policy available on request
• Right to erasure: contact support@croprec.com

For more detail, see our Privacy Policy.

We use the following trusted third-party services to deliver CropRec.

For prospective customers, enterprise buyers, or auditors requiring detailed security information, we provide a Security & Compliance Pack on request. This includes our infrastructure overview, data flow documentation, backup and recovery procedures, and incident response process.

If you discover a security vulnerability in CropRec, please report it to security@croprec.com. We aim to respond within 48 hours.