GetMySAR

GetMySAR

Security

This page explains, at a high level, the steps GetMySAR takes to help protect personal data and secure the service.

Last updated: 19 March 2026

On this page

1. Overview

GetMySAR recognises that people using our service may submit important personal information, including identity details, request details, signed consent forms and copy ID documents.

We take reasonable technical and organisational steps to help protect that information.

This page gives a high-level overview of our security approach. It should be read alongside our Privacy Policy and Data Protection page.

2. The types of data we help protect

Depending on how the service is used, this may include:

  • names and contact details;
  • details included in Subject Access Request forms;
  • organisation information connected to a request;
  • signed consent forms;
  • copy identity documents uploaded by users; and
  • limited payment-related information.

The organisation's substantive SAR response is sent directly to the user or data subject, and GetMySAR does not receive or store that response within the platform.

3. Infrastructure and storage

Our service uses established infrastructure providers.

  • the website is hosted on Vercel;
  • SAR-related data is stored using Supabase in eu-west-2 (London);
  • uploaded files are stored in AWS S3 in eu-west-2 (London); and
  • payments are processed by Stripe.

Our core SAR-related storage is intended to remain in UK-based infrastructure.

4. Security measures we use

Our security measures include:

  • restricting access to personal data;
  • using access controls for internal and admin systems;
  • using HTTPS to encrypt data in transit;
  • protecting files stored in AWS S3 using server-side encryption; and
  • using established hosting and storage providers.

5. Payment security

Where payments are made through the service, they are processed by Stripe.

GetMySAR does not store full payment card details on its own systems.

Payment processing is subject to Stripe's own security and compliance controls.

6. Security limits

No website, platform or transmission method can be guaranteed to be completely secure.

However, we aim to use appropriate safeguards that are proportionate to the type of information processed through GetMySAR.

7. Reporting security concerns

If you believe you have found a security issue relating to GetMySAR, please use our contact form.

Please provide as much detail as possible so we can review the issue.

8. Further information

For more information about how we handle personal data, please see our Privacy Policy, Data Protection page and Terms of Use.