Billda handles sensitive data — bank details, National Insurance numbers, tax references, and payment records — for construction organisations across the UK. We have built the Platform with security and data protection at its core.
This page summarises our security posture. For full details on how we handle personal data, see our Privacy Policy.
<aside> 🇬🇧
All data stays in the United Kingdom.
Our primary infrastructure runs in Microsoft Azure UK South (London). Backups are geo-replicated to Azure UK West (Cardiff). No sensitive personal data — including bank details, National Insurance numbers, or UTRs — leaves the UK.
</aside>

| Area | Detail |
|---|---|
| Cloud Provider | Microsoft Azure |
| Primary Region | UK South (London) |
| Backup Region | UK West (Cardiff) |
| Compute | Azure Container Apps (container-based deployment) |
| Database | PostgreSQL with zone-redundant high availability (production) |
| Backup Retention | 35 days (production) |

| Layer | Protection |
|---|---|
| Data in transit | TLS 1.2 or higher on all connections |
| Data at rest | Azure platform-level encryption (AES-256) |
| Secrets management | Azure Key Vault with RBAC and purge protection enabled in production |

Billda uses passwordless authentication via email one-time codes. No passwords are stored on the Platform, eliminating an entire category of credential-based attacks.
The Platform enforces strict role-based access control: