Security

Security is built into every GestWave product.

GestWave is designed to protect the data and operations of the organizations that rely on it — with encryption, strong authentication, tenant isolation and continuous monitoring across the whole platform.

This page is maintained by ARP Group Ltd to answer common security questions about GestWave products.

Illustration of a glowing shield protecting connected data across the GestWave platform
Security pillars

The controls that protect your data every day.

GestWave products share a common operational core. That means the same security controls apply consistently across Edupro, VLE and every future vertical we release.

Encryption in transit and at rest

All traffic between your users and GestWave is protected with TLS. Databases, backups and object storage are encrypted at rest using modern industry-standard algorithms.

Tenant isolation by design

Each customer's data is logically isolated. Row-level security policies are enforced at the database layer, so a request can only ever see records that belong to its own tenant.

Strong authentication

Email + password with modern password hashing, optional single sign-on, and protection against known-breached passwords. Session tokens are short-lived and rotated automatically.

Granular roles and permissions

Roles are stored in a dedicated, server-verified table and evaluated on every request. Admin actions are gated by explicit checks — never by client-side flags.

Hardened cloud infrastructure

GestWave runs on managed cloud infrastructure operated by leading providers with enterprise-grade physical security, network protection and DDoS mitigation.

Continuous monitoring

Application logs, error events and unusual access patterns are continuously observed so anomalies can be detected and investigated quickly.

Infrastructure & hosting

Enterprise-grade cloud, without the operational burden.

GestWave is delivered as a fully managed SaaS. Compute, storage and networking run on top-tier cloud providers with certified data centers, redundant power, physical access controls and 24/7 monitoring. Backups are automated and encrypted, and the platform is architected for high availability.

Managed cloud

Trusted providers with certified data centers.

Encrypted backups

Automated, encrypted, regularly tested.

High availability

Designed to keep operations running.

DDoS mitigation

Network-level protection at the edge.

Secure development lifecycle

Security is a habit, not a checklist.

Every change to GestWave goes through the same rigorous process, from the first line of code to production release.

01

Secure by design

Security requirements are considered from the earliest stages of every feature, not bolted on at the end.

02

Automated checks

Every change goes through automated scans for common vulnerabilities, dependency issues and misconfigurations before it can reach production.

03

Reviewed rollouts

Changes are peer-reviewed and released progressively, with the ability to roll back quickly if an issue is detected.

04

Least-privilege access

Internal access to production environments is restricted, individually authenticated and logged.

Data protection

Your data stays yours.

Customer data in GestWave is processed only to deliver the service you subscribed to. We do not sell customer data and we do not use it to train third-party models. Access to production data is restricted to a limited number of authorized people, on a least-privilege basis, and every access is logged.

  • Data is stored within the regions declared in your service agreement.
  • Retention periods and deletion rules follow your instructions as data controller.
  • Export and deletion of your data are available on request.
Shared responsibility

We secure the platform. You secure your workspace.

Security is a shared responsibility. GestWave protects the underlying platform — infrastructure, application code, encryption and monitoring. Customers are responsible for managing their own users, roles, passwords and the content they upload.

GestWave

Platform, infrastructure, application security, encryption, monitoring.

Customer

User management, role assignments, password hygiene, uploaded content.

Incident response

Prepared, transparent, accountable.

We maintain an incident response process to detect, contain and recover from security events, and to notify affected customers in line with applicable regulations and contractual commitments.

Report a security concern

If you believe you have found a vulnerability in a GestWave product, please contact our team so we can investigate quickly. Please do not test against production data belonging to other customers.

Contact the security team

Compliance & documentation

Additional documentation — including data processing agreements and information about subprocessors — is available to customers and prospects on request.

Request documentation

Have a security question?

Our team is happy to walk you through our controls, compliance posture and shared responsibility model.

Talk to our team