Straight2PDF is operated by WFA Support Ltd. This page summarises the safeguards and operating practices we use to protect the platform. It should be read alongside our Privacy Policy, Terms and Conditions and Data Processing Agreement.
1. Security approach
We use reasonable technical and organisational measures designed to protect customer data, maintain service availability and reduce the risk of unauthorised access, loss or misuse.
2. Hosting and infrastructure
- Core hosting is provided in the United Kingdom by 24host.uk.
- Public web routes are separated from server-side/private application logic.
- Transport security controls are used where appropriate, including HTTPS enforcement and security headers.
- Backups and operational copies may be used to support resilience, recovery and service continuity.
3. Account and access controls
- Access to customer areas requires authenticated accounts.
- Role and permission checks are used to limit access to customer-specific data and admin functionality.
- Session cookies are configured with security-focused settings such as HttpOnly and SameSite=Strict.
- Passwords are hashed and are not stored in plain text.
- Two-factor authentication may be made available for supported admin or user flows where enabled.
4. Data protection
Customer form submissions, uploaded content and generated documents are processed to provide the Straight2PDF service. Uploaded files and generated PDFs are access-controlled through account and permission checks. We do not use customer form content for advertising. Data processing commitments are described in our DPA.
5. Monitoring and logging
We may record access logs, application logs, page visit analytics where consent applies, and error logs to help operate, secure and improve the service. Technical logs are handled in line with our Privacy Policy.
6. Incident handling
If we identify a security incident affecting customer data, we will investigate, take appropriate containment steps and notify affected customers or regulators where required by law.
7. Customer responsibilities
- Use strong passwords and keep credentials secure.
- Assign access only to people who need it.
- Keep devices used with Straight2PDF secure and updated.
- Report suspected account compromise or security concerns promptly.
8. Responsible disclosure
If you believe you have found a vulnerability, please contact support@straight2pdf.co.uk with enough detail for us to investigate, including affected URLs, steps to reproduce, potential impact and your contact details. Please do not access, alter, delete, download or disclose data that does not belong to you, disrupt the service, or perform destructive testing.