TRUST & SECURITY
We handle sensitive financial data for Irish businesses every day. Security is not a feature — it is the foundation of everything we build.
Last updated: 26 April 2026
Our payment infrastructure operates on PCI DSS-compliant systems. Card data is never stored, processed, or transmitted by Rook Agentics directly; all card transactions flow through certified providers.
As an Irish-registered company operating in the EU, we are fully subject to and compliant with GDPR. We process only the minimum data required to deliver our services. See our Privacy Policy for full details.
Our information security management follows ISO 27001 best practices, including risk assessment, access control, incident response, and regular internal audits.
We are actively working toward SOC 2 Type 2 certification. Our controls around security, availability, and confidentiality are aligned with SOC 2 trust service criteria.
All data in transit is encrypted using TLS 1.3. Sensitive data at rest is encrypted using AES-256. Our SSL configuration is rated A+ by SSL Labs.
Infrastructure access is restricted via Tailscale VPN and SSH key-only authentication. All access is logged and reviewed. There is no password-based access to production systems.
If you discover a security vulnerability in our systems, please disclose it responsibly. We take all reports seriously and will respond within 48 hours.
[email protected]