Trust & Security

Enterprise-grade security.
No compromises.

Your emissions data is as sensitive as your financial data. We treat it with the same rigor.

Certifications & Compliance

SOC 2 Type II

Independently audited annually by a Big 4 firm. Covers security, availability, processing integrity, confidentiality, and privacy.

ISO 27001:2022

Certified Information Security Management System. Comprehensive framework for managing information security risks.

GDPR Compliant

Full compliance with EU General Data Protection Regulation. Data Processing Agreements available for all enterprise clients.

UAE Data Protection Law

Compliant with Federal Decree-Law No. 45/2021 on the Protection of Personal Data. Registered with UAE Data Office.

PCI DSS Level 1

Payment processing handled by PCI DSS Level 1 certified processors. We never store credit card numbers on our infrastructure.

CSA STAR Level 2

Cloud Security Alliance STAR certification demonstrating cloud security maturity and transparency.

Infrastructure Security

UAE-Based Data Residency

  • Primary data centers located in Abu Dhabi and Dubai, UAE
  • Secondary disaster recovery site in a geographically separated UAE location
  • Data never leaves the UAE unless explicitly requested by the client and governed by appropriate legal safeguards
  • Compliant with UAE Data Sovereignty requirements for government and regulated entities

Encryption Standards

  • Data at rest: AES-256 encryption with customer-managed keys (BYOK) available for Enterprise tier
  • Data in transit: TLS 1.3 with perfect forward secrecy on all connections
  • Database encryption: Transparent Data Encryption (TDE) with automated key rotation every 90 days
  • API authentication: OAuth 2.0 with JWT tokens, API key rotation, and IP whitelisting
  • End-to-end encryption available for sensitive emissions data fields

Access Controls

  • Role-Based Access Control (RBAC) with granular permission management
  • Multi-Factor Authentication (MFA) mandatory for all administrator accounts
  • Single Sign-On (SSO) via SAML 2.0 and OpenID Connect for Enterprise clients
  • Session management with configurable timeout and concurrent session limits
  • Privileged Access Management (PAM) for internal engineering access with audit logging
  • Zero-trust network architecture: every request is authenticated and authorized

Threat Detection & Response

  • 24/7 Security Operations Center (SOC) monitoring
  • Real-time intrusion detection and prevention systems (IDS/IPS)
  • Automated vulnerability scanning on a continuous basis
  • Annual penetration testing by independent third-party security firms
  • Bug bounty program for responsible disclosure (security@greenledger.ae)
  • Incident response plan with defined SLAs: Critical (<1 hour), High (<4 hours), Medium (<24 hours)
  • DDoS mitigation with globally distributed edge protection

Business Continuity & Disaster Recovery

  • Recovery Point Objective (RPO): < 1 hour (maximum data loss in a disaster scenario)
  • Recovery Time Objective (RTO): < 4 hours (maximum time to restore full service availability)
  • Backup Frequency: Continuous + Daily Snapshots (real-time replication with daily full backups retained for 90 days)
  • DR Testing: Quarterly (full disaster recovery drills conducted every quarter with documented results)
  • Data Redundancy: 3x Replication (all data replicated across three physically separated storage nodes)

Organizational Security

Background Checks

All employees undergo comprehensive background verification, including criminal record checks and reference verification, prior to onboarding.

Security Training

Mandatory security awareness training upon hiring and quarterly refresher sessions. Annual phishing simulation exercises for all staff.

Least Privilege Access

Employees are granted minimum necessary access. Access reviews conducted quarterly. Offboarding procedures revoke all access within 1 hour of separation.

Vendor Risk Management

All third-party vendors undergo security assessment before onboarding. Annual reassessment with SOC 2 or equivalent certification requirements for data processors.

Report a Vulnerability

We take security seriously and appreciate responsible disclosure. If you discover a vulnerability, please report it to our security team.

Security Team

security@greenledger.ae

PGP key available upon request. We acknowledge reports within 24 hours.