top of page
Frame 3.png
Security Trust Center.png

At Shuttlerock we lead with a security-first mindset. This combined with world-class cloud services enables Shuttlerock to stay ahead of the competition and deliver highly secure, reliable CaaS services to our clients.

The Shuttlerock Trust Center provides the latest information on our approach to security, privacy and compliance.


Shuttlerock is audited by an independent third-party firm against the SOC 2 compliance standard. This is completed annually.

To learn more about SOC 2, or to request a copy of our latest audit report click the link below.


As Shuttlerock has grown, our focus on protecting the data and privacy of all users has remained our highest priority.

To see how Shuttlerock complies with the General Data Privacy Regulation (GDPR) click the link below.

privacy mark.png

Shuttlerock Japan is a PrivacyMark licensed business operator.

The PrivacyMark System is set up to assess private enterprises that take appropriate measures to protect personal information. The system is compliant with Japanese Industrial standards.

Partnered with the world’s leading digital platforms
meta bp.png

Technical Security

At Shuttlerock we use a wide range of techniques and tools to ensure client data and privacy is protected at all times. Measures include the following:


Secure AWS Hosting

ShuttlerockCloud production servers are hosted on Amazon Web Services (AWS). The servers are located in Ireland with redundancies in Germany.



AWS encrypts ShuttlerockCloud data at rest and uses TLS 1.2 on AWS CloudFront during transit. Endpoint devices are encrypted locally.



Shuttlerock is independently audited against the SOC 2 framework annually. The most recent report was issued December 11th, 2023, and was for the observation period: October 1st, 2022 – September 30th, 2023.


High Availability

To ensure redundancy our servers are located in geographically diverse locations. Any scheduled maintenance or planned downtime is announced ahead of time.


Subscribe here for updates.


Backups & DLP

Shuttlerock back up client data daily and can be recovered in the event of system failure. We also use Data Loss Prevention tools across several systems to further protect our client information.


Endpoint MDM

Shuttlerock uses mobile device management systems to manage staff endpoint devices. Google GCPW for Windows devices and Kandji for Apple devices. Vanta is deployed to monitor our organisational and technical compliance.

Frame 8 (3).png


Shuttlerock applications are penetration tested by third-party companies on an annual basis. This helps to identify and remove any exploitable vulnerabilities and reduces the risk of data breaches and security incidents.

Organisational Security

At Shuttlerock we believe that ‘Security is everyone's responsibility’. Because of this, we have built a strong culture around education and processes. This ensures staff are aware of the correct procedures and the reason behind why they are important.


Staff Security Training

All Shuttlerock staff complete extensive online security awareness and GDPR training. This is renewed annually and is a major part of the onboarding process.


Password Management

Shuttlerock staff are provided with a centrally managed password manager. This improves password complexity and encrypts system login details. The 2FA feature is used to secure shared vault authentication.


Zero Trust Access

Access to systems, applications and services is managed centrally and approved prior. Roles and permissions are used where possible. Regular access audits are conducted.


Background Checks

Third-party background employment checks are performed on key employees that have elevated privileges. Checks involve looking into references, previous employment and history.


Dedicated Security

Our dedicated IT security team oversee the digital environment and work closely with staff to ensure we are secure by design and compliant with our IT frameworks. We have an appointed DPO and Data Security Management Team.


Physical Security

Our offices and studios have a range of access control systems (key tags, fingerprint scanners). We implement visitor management systems through Envoy. CCTV is in each office. Access to networking infrastructure is secured and limited.

Endpoint Detection and Response 1.png
Endpoint Detection and Response 2.png

Shuttlerock uses the Crowdstrike Falcon EDR system to protect our Windows based computer fleet from malicious and unwanted programs. We use the Kandji EDR system to carry out the same task on our fleet of Apple computers.

Security Resources

Below are several useful security-related request forms, documents and policies. If you don’t see what you require, or need more information please contact us at


Bug Bounty

Data security is a top priority for Shuttlerock. We run an in-house Bug Bounty program.

If you believe you’ve discovered a potential vulnerability, follow the link below for more information.


Sub Processors

All sub-processors are assessed for risk before use. Shuttlerock maintains an up-to-date list of the names, locations and processing activities of sub-processors.


GDPR PII Removal Request

If you require your PII data to be removed from our systems, email your information to

We need your name and email address. Once removed you will receive confirmation.


SOC 2 Report

To request a copy of the latest SOC 2 Type II audit report, or to ask any questions about our audit accreditation, please submit your request to



The following links are to key security policies and guidelines.


Get In Touch

Ready to get started? Want to learn more?
Get in touch with Shuttlerock today.

General IT Security


Data Security Enquiries


Privacy/GDPR Enquiries


Data Protection Officer - Shaun Health

bottom of page