Security You Can Trust

Hoppa is built with security and privacy at its core. We maintain the highest standards of data protection, compliance, and operational security to ensure your information is always safe.

Cyber Essentials

Cyber Essentials Plus

GDPR Compliant

IN PROGRESS

ISO 27001

Azure AI Services Partner

Integrations Partner

Overview

NCSC Cloud Security Principles

Our information security controls and processes, mapped against the 14 NCSC Cloud Security Principles.

Principle 1: Data in transit protection

TLS 1.2+ enforced on all connections
End-to-end encryption for data in transit
Certificate-based service authentication

Principle 2: Asset protection and resilience

Encryption at rest using AES-256
Geo-redundant backups
Secure data erasure procedures

Principle 3: Separation between customers

Logical tenant isolation
Network-level segmentation
Isolated data storage per customer

Principle 4: Governance framework

Information security policy framework
Regular management reviews
Risk assessment and treatment process

Principle 5: Operational security

Vulnerability scanning and patching
Protective monitoring and alerting
Change management controls

Principle 6: Personnel security

Background checks for all staff
Security awareness training
Least-privilege access controls

Principle 7: Secure development

Secure SDLC practices
Automated CI/CD pipeline with security gates
Code review and static analysis

Principle 8: Supply chain security

Third-party risk assessments
Supplier security requirements
Dependency vulnerability monitoring

Principle 9: Secure user management

Role-based access control (RBAC)
User provisioning and deprovisioning
Audit logging of user actions

Principle 10: Identity and authentication

Multi-factor authentication (MFA)
SSO integration support
Machine identity management

Principle 11: External interface protection

API rate limiting and authentication
Web application firewall (WAF)
DDoS protection

Principle 12: Secure service administration

Privileged access management
Hardened administration interfaces
Administrative action audit trails

Principle 13: Audit information and alerting for customers

Customer-accessible audit logs via Hoppa Cloud
Security incident notifications
Tamper-evident logging via Auth0 & Azure Monitor

Principle 14: Secure use of the service

Secure-by-default configuration
Customer security guidance documentation
Shared responsibility model

Key resources

Documentation and policies

Hoppa Privacy Policy

Policy

January 2026

Hoppa Cookies Policy

Policy

January 2026

Hoppa Backup Policy

Policy

January 2026

Hoppa Data Processing Addendum

Agreement

January 2025

Hoppa Shared Responsibility Model

Guide

January 2026

Hoppa AI Factsheet

Guide

January 2026

Microsoft Azure Data Processing Addendum

Agreement

Microsoft Azure AI Foundry Data Privacy & Security

Guide

Autodesk Data Processing Addendum

Agreement