GoodUp

Compliance and Security

Trust is essential when managing employee data, donations, volunteering programmes and impact information.

GoodUp is ISO 27001 certified, GDPR compliant and trusted by companies, governments, funds and impact organisations across Europe and beyond. Our security framework combines robust governance, secure infrastructure, access controls and continuous monitoring to help organisations meet both security and compliance requirements.

Whether you operate in a single country or across multiple regions, GoodUp provides the controls, transparency and documentation needed to support procurement, IT and security reviews with confidence.

Security at a glance

GoodUp combines recognised certifications, secure infrastructure and proven security controls to help organisations protect their data and reduce risk.

ISO 27001 certified

Our Information Security Management System is independently audited and certified against the ISO 27001 standard.

GDPR compliant

We apply privacy-by-design principles and processes that support compliance with European data protection regulations.

EU data residency

Customer data is hosted within the European Economic Area using trusted infrastructure partners.

Annual security testing

Independent security specialists regularly test our platform to identify and remediate vulnerabilities.

Encryption at rest & in transit

Data is protected using industry-standard encryption technologies during storage and transmission.

SSO & SCIM

Support for enterprise identity management, including Single Sign-On and automated user provisioning.

Security by Design

Security is embedded throughout the GoodUp platform, our organisation and our operations. We apply a structured approach to continuously strengthen our security posture and protect customer data.

  • Risk Management – Continuous identification, assessment and mitigation of security risks.

  • Secure Development – Code reviews, security testing and vulnerability management throughout the development lifecycle.

  • Supplier Management – Security assessments and reviews of critical suppliers and technology partners.

  • Security Awareness – Ongoing training and clear security policies for all employees.

Data residency & infrastructure

Your data is hosted on secure European infrastructure and protected through multiple layers of security, monitoring and resilience.

  • EU Data Residency – Customer data is hosted within the European Economic Area.

  • Backup & Recovery – Encrypted backups and recovery procedures help ensure business continuity.

  • Monitoring & Reliability – Continuous monitoring and operational controls support platform availability and performance.

  • Encryption – Data is encrypted both in transit and at rest using industry-standard protocols.

Identity & access management

Controlling access is one of the most important foundations of information security. GoodUp provides enterprise-grade identity and access controls to help organisations manage users securely and efficiently.

  • Single Sign-On (SSO) – Authenticate users through your existing identity provider.

  • SCIM Provisioning – Automate user onboarding, offboarding and account management.

  • Role-Based Access Control – Assign permissions based on roles and responsibilities.

  • Multi-Factor Authentication – Add an extra layer of protection for user and administrator accounts.

Privacy & compliance

Privacy and compliance are built into the way GoodUp designs, operates and supports its platform and services.

  • GDPR Compliance – Processes and controls aligned with European data protection requirements.

  • Privacy by Design – Data protection is integrated into product development and operational processes.

  • Data Processing Agreements – Clear contractual safeguards for the processing of personal data.

  • Data Retention & Deletion – Policies and procedures governing the retention and removal of data.

  • Supplier Assessments – Security and privacy reviews of critical suppliers and technology partners.

Our commitment

Protect data

We understand that our customers trust us with employee data, volunteering programmes, donations, grant applications and impact information.

Protecting that data is a responsibility we take seriously. Through strong security controls, continuous monitoring and a structured security programme, we work every day to safeguard the confidentiality, integrity and availability of information.

Earn trust

Trust is built through transparency, accountability and consistency. We are committed to clear policies, open communication and independent verification through certifications, audits and security assessments.

By continuously reviewing and improving our security and compliance practices, we help customers, partners and stakeholders engage with confidence.

Enable impact

Security should enable organisations to create impact, not slow them down.

Our goal is to provide a secure, reliable and compliant platform that allows companies, governments, funds and impact organisations to focus on what matters most: activating people, supporting communities and creating positive societal change.