ValidarUK Planning

Your data is safe with Validar

We take the security and privacy of your planning documents seriously. Here is exactly how we protect your data.

AES-256 EncryptionUK GDPRStripe PCI DSS Level 1RLS Protected

Encryption at rest and in transit

  • All data is encrypted at rest using AES-256 encryption.
  • All data in transit is protected by TLS 1.2 or higher.
  • Planning documents are processed securely and never stored permanently after validation is complete.
  • Supabase infrastructure is hosted on AWS in the EU (London) region, keeping your data in the UK.

GDPR compliant

  • Validar is fully compliant with UK GDPR and the Data Protection Act 2018.
  • We act as a data processor on behalf of our customers.
  • A Data Processing Agreement (DPA) is available on request.
  • You retain full ownership of all documents you upload.
  • You can export or delete your data at any time.
  • We never sell your data to third parties.
  • For data requests contact: privacy@validar.co.uk.

How we handle AI processing

  • Validar uses Anthropic's Claude API to validate documents.
  • A Data Processing Agreement is in place with Anthropic.
  • Documents are processed transiently and not used to train AI models.
  • We have enabled zero data retention where possible.
  • No planning document content is stored by Anthropic after processing.

Secure payments

  • All payments are processed by Stripe, a PCI DSS Level 1 certified payment processor.
  • Validar never stores card details.
  • All billing data is handled exclusively by Stripe.
  • Stripe is trusted by millions of businesses worldwide.

Secure infrastructure

  • Validar is hosted on Vercel's enterprise-grade cloud infrastructure.
  • Database and authentication powered by Supabase.
  • Automatic security updates and patches applied.
  • Row Level Security (RLS) enforced at database level, users can only access their own data.
  • All API routes require authentication.
  • Rate limiting applied to prevent abuse.

Access control

  • Secure authentication powered by Supabase Auth.
  • Email verification required on signup.
  • Passwords are hashed and never stored in plain text.
  • Team member access controlled by role permissions.
  • API keys can be revoked at any time from your dashboard.

Responsible disclosure

  • If you discover a security vulnerability in Validar, please report it responsibly to conor@validar.co.uk.
  • We take all security reports seriously and will respond within 48 hours.
  • Please do not publicly disclose vulnerabilities before we have had a chance to address them.

Security questions?

  • For any security or data protection queries contact: conor@validar.co.uk.
  • For data subject requests: privacy@validar.co.uk.

Need a secure planning application validation UK workflow?

Validar combines secure planning application software controls, planning software GDPR compliant processes, and practical Local Validation List checking for UK professionals.

Start free