Williation

Security Policy

Williation.com - Security Policy

Last updated: May 2026

Our Commitment

Williation stores sensitive personal, family, and digital life information. Security is not an afterthought - it is the foundation of everything we build.

Encryption

At rest: All vault data is encrypted using AES-256. Identity documents and uploaded files are individually encrypted.

In transit: All connections use HTTPS/TLS. Unencrypted connections are rejected.

Passwords: Stored exclusively as Argon2 hashes. We cannot retrieve your password. If lost, it must be reset.

Zero-knowledge approach: Vault contents are encrypted in a way that prevents Williation staff from reading them. You hold your keys.

Authentication

  • Two-factor authentication (2FA) is available and strongly recommended
  • Sessions expire after a period of inactivity
  • Failed login attempts trigger account protection measures
  • Password reset flows use time-limited, single-use tokens

Infrastructure

  • Hosted on VPS infrastructure located in UK/EU compliant data centres
  • Encrypted backups taken regularly
  • No shared hosting environments
  • File uploads are malware-scanned and served via signed URLs - direct file access is blocked

Access Controls

  • Staff access to user data is restricted on a strict need-to-know basis
  • All administrative access is logged and audited
  • No staff member can read your encrypted vault contents

Breach Response

In the event of a confirmed data breach:

  • We will contain and assess the breach immediately
  • We will notify affected users within 72 hours as required by UK GDPR
  • We will report to the ICO where legally required
  • We will publish a transparent incident report

Responsible Disclosure

If you discover a security vulnerability in Williation, please report it to us privately before disclosing publicly.

Email: security@williation.com

We ask for reasonable time to investigate and resolve before any public disclosure. We do not pursue legal action against good-faith researchers.

What We Recommend for Users

  • Use a strong, unique password for your Williation account
  • Enable two-factor authentication
  • Keep your emergency contact list current and accurate
  • Do not share your account credentials
  • Download an offline backup of critical vault data periodically

Planned Security Roadmap

  • Independent security audit
  • Penetration testing by third-party firm
  • Bug bounty programme
  • SOC 2 readiness assessment
  • ISO 27001 planning

Contact

security@williation.com

Back to homepage