Security & Certification

Keeping your employee’s information safe and secure at all times

Trust & Certificates

We understand that trust and safety is important to you and your employees. Our commitment to our clients, companions and employees are to keep them and their information safe at all times. We seek rigorous external verification of our commitment to the highest standards of information security, and hold the following certifications:
 

  • ISO 27001 certification

  • PCI DSS

  • Regular Penetration Testing

  • Comprehensive Information Security Due Diligence assessments conducted on us by leading financial, legal and insurance organisations

Personal Data (PII)

We do not receive any personal data from any employer organisations. Employees provide their personal details directly to companiions (the Data Controller). Our service is delivered under a direct end-user agreement with the employee using the service, where companiions is the Data Controller not the employees organisations. Only data required to deliver the service and to satisfy data protection requirements are collected from employees. Event and data usage analysis are performed on data sets that do not contain personal data.

Security & privacy at the heart of our design

We are a fully remote cloud-based organisation, using Amazon Web Services (AWS) and Google Workspace as the provider of our companiions app and office infrastructure. Both AWS and Google are best-in-class providers, with comprehensive security accreditations including ISO 27001, SOC 1, 2 & 3, FIPS 140-2 Validated and supporting HIPAA compliance. Where we use additional cloud tooling for analytics these are certified to ISO 27001 as a minimum.

In compliance with applicable data privacy and protection regulations, data originating in the UK and EEA is only processed within this geographic area. Our cloud infrastructure is highly resilient ensuring that we are able to offer our service to you reliably and securely. Security and privacy have been fundamental design considerations right from the outset:

  • All data is encrypted both in transit and at rest.

  • All of our cloud infrastructures are geographically restricted so personal data is only stored and processed within the designated and appropriate geographic areas.=

  • Personal data is strictly access-controlled and is segregated from other operational data.

  • We make use of SSO where possible, ensuring secure access to the platform and allowing access to be provisioned by your own IT department in a B2B setting.


Personal data is never shared outside of our staff. We only provide aggregated and anonymised data back to employers as part of performance tracking. And we do not outsource any part of delivering the service to any third parties.

Child Protection Policy

At Companiions, we are committed to providing a safe and supportive environment for all individuals, especially children. We have established a comprehensive Child Protection Policy to prevent and address any instances of child sexual abuse and exploitation within our services. This policy applies to all employees, volunteers, contractors, and partners associated with Companiions.

1. Policy Statement
Companiions strictly prohibits and will not tolerate any form of child sexual abuse or exploitation. We are dedicated to implementing measures that prevent such misconduct and ensure the safety and well-being of children under our care.

2. Definitions

  • Child: Any individual under the age of 18.

  • Child Sexual Abuse: Any act involving a child in sexual activity that he or she does not fully comprehend, is unable to give informed consent to, or for which the child is not developmentally prepared.

  • Child Sexual Exploitation: A form of sexual abuse where an individual or group takes advantage of an imbalance of power to coerce, manipulate, or deceive a child into sexual activity, often in exchange for something the victim needs or wants.

3. Prevention Measures

  • Recruitment and Screening: All prospective companions undergo thorough background checks, including criminal record checks, to ensure they have no history of child abuse or related offences.

  • Code of Conduct: A clear code of conduct outlines acceptable and unacceptable behaviours when interacting with children. All companions are required to adhere to this code.

4. Reporting Procedures

  • Obligation to Report: Any companion who suspects or becomes aware of an incident of child sexual abuse or exploitation must report it immediately to the team at companiions

  • Confidentiality: Reports will be handled with the utmost confidentiality to protect the privacy of all parties involved, except where disclosure is required by law.

  • Protection from Retaliation: Companiions prohibits retaliation against individuals who report suspected abuse in good faith.

5. Response to Allegations

  • Investigation: All allegations will be promptly and thoroughly investigated by qualified personnel, maintaining fairness and impartiality throughout the process.

  • Cooperation with Authorities: We will fully cooperate with law enforcement and child protection agencies during investigations and comply with all legal obligations.

6. Monitoring and Review

  • Regular Audits: We will conduct regular audits of our child protection practices to ensure compliance and identify areas for improvement.

  • Policy Review: This policy will be reviewed annually or as needed to reflect changes in legislation or organizational practices.

By implementing this policy, Companiions aims to create a secure environment where children are protected from harm and can thrive under our care.

Exploring benefits for your employees?

Get in touch with our team today.

During the session, we will cover:

  • What we do at companiions

  • How we can support your employees

  • Get a quote for your business