RRenzo

Trust centre

Renzo is built for UK HR consultancies handling sensitive employment information. This page covers what we do to protect that data - including who else processes it on our behalf.

Data residency

Primary data store and authentication run in EU (Frankfurt)on Supabase. Application hosting is on Vercel’s global CDN; only static assets and request routing touch other regions.

Encryption

TLS 1.2+ in transit. AES-256 at rest for the database and storage. Database backups are encrypted using Supabase’s managed keys.

Access control

Row-Level Security on every tenant table (default-deny). Super Admin actions require recent re-authentication and are logged to an append-only audit table.

Backups

Point-in-time recovery (7 days) and daily snapshots (30 days). Restore drills run quarterly.

Sub-processors

Companies that may process tenant data on our behalf. We notify customers via What’s new before adding a sub-processor that materially changes the processing.

Infrastructure

  • Supabase

    Managed Postgres + Auth + Storage

    EU (Frankfurt)

    DPA

  • Vercel

    Application hosting + CDN

    Global

    DPA

Email delivery

  • Resend

    Transactional email delivery

    EU + US

    DPA

Payments

  • Stripe

    Subscription billing

    EU + US

    DPA

Integrations (tenant-opted)

  • Microsoft

    Outlook (Microsoft Graph) integration when tenant connects

    Tenant region

    DPA

Reporting a security issue

Found a vulnerability? Email security@renzoconsulting.com with steps to reproduce. We’ll acknowledge within 24 hours and follow coordinated disclosure.