Security

Security at TaxiCloud — built into the platform.

SOC 2 in progress, GDPR-compliant by design, ISO 27001 mapped, PCI-DSS via Stripe. The compliance posture UK and Ireland enterprise corporate accounts expect.

TaxiCloud security is built around four compliance frameworks (SOC 2, GDPR, ISO 27001, PCI-DSS) and a set of operating practices that match what UK and Ireland enterprise corporate accounts expect from their dispatch software vendor. Customer PII is masked before LLM inference, card data never touches TaxiCloud infrastructure, customer data exits as CSV or via API at any time. We hold no PAN, CVV, or expiry data.

Compliance frameworks

The frameworks that matter.

  • SOC 2 (in progress)

    Type 1 audit underway with completion targeted Q3 2026. Type 2 follows in Q1 2027. Audit report available under NDA for prospective Pro Ultra customers from Q4 2026.

  • GDPR-compliant by design

    Customer PII is masked before any data leaves the dispatch boundary for LLM inference. Data subject access requests handled within 30 days per Article 12. Data Processing Agreement (DPA) available on signup.

  • ISO 27001 mapped

    Information Security Management System mapped to ISO 27001:2022 controls. Formal certification timeline to be announced after SOC 2 Type 2 completion. Mapping documentation available under NDA.

  • PCI-DSS via Stripe

    Card data never touches TaxiCloud infrastructure — Stripe handles full PCI-DSS Level 1 compliance for card payments. Customer card metadata is tokenised; we hold no PAN, CVV, or expiry data.

Operating practices

How we run production.

  • AWS Frankfurt hosted (eu-central-1) with optional AWS Dublin (eu-west-1) on Pro Ultra for in-country residency
  • TLS 1.3 for all customer-facing endpoints; certificate auto-renewal via ACM
  • Encryption at rest via AWS KMS for all customer data; per-tenant key isolation on Pro Ultra
  • MFA enforced for all internal staff with privileged access to production systems
  • Quarterly penetration tests by an independent third-party security firm
  • Customer data export available at any time as CSV or via the authenticated API
  • Incident response SLA: critical issues acknowledged within 30 minutes 24/7
  • Bug bounty programme active — coordinated disclosure to security@taxicloud.ai

Security questions

For security questionnaires, vulnerability disclosures, or compliance documentation requests, email security@taxicloud.ai. Pro Ultra customers have a dedicated channel through their account manager.

Ready when you are

Dispatch on autopilot.

14-day free trial. No card. Cancel anytime.

47 fleets joined this month · Talk to sales