Security & incident reporting
Last updated: 10 July 2026
Acquisition Intelligence takes the security of customer data seriously. This page explains how to report security risks and what we do if a personal data incident occurs.
Report a security issue
If you discover a vulnerability or security concern, contact us immediately:
- Email: security@acquisitionintelligence.co.uk
- Include steps to reproduce, impact, and your contact details.
- Please do not publicly disclose issues until we have had a reasonable time to investigate.
Personal data breaches
If you believe your personal data has been compromised through our Platform, email security@acquisitionintelligence.co.uk with “Data breach” in the subject line.
Our process:
- Contain and investigate the incident.
- Assess risk to individuals.
- Notify the ICO within 72 hours where required under UK GDPR.
- Notify affected users without undue delay when there is a high risk to their rights.
- If HMRC customer data accessed via our software is affected, log an incident with HMRC within 72 hours via the HMRC Developer Hub support process, including a breach contact name and telephone number.
How we protect data
- Encryption in transit — TLS 1.2+ (HTTPS) for all web traffic.
- Encryption at rest — passwords stored using one-way hashing; access tokens and secrets stored encrypted in configuration.
- Access control — role-based admin access; customer data isolated per account.
- Hosting — United Kingdom (AWS EU-West-2, London).
- OAuth — future HMRC integrations use OAuth 2.0; we do not store HMRC sign-in credentials.
Your data rights
Export or close your account from your profile page (after sign-in) or email hello@acquisitionintelligence.co.uk. See our Privacy policy for full UK GDPR rights.