RedRadar operates in a category where security is not a feature — it is the precondition for the work. Our clients trust us with access to the platform, with the integrity of their analytical workflows, and with the confidentiality of their relationship with us. The standards we hold ourselves to reflect that trust.
This page provides a public high level overview of how RedRadar approaches information security. It is intended for procurement counsel, security teams, and prospective clients evaluating whether RedRadar meets the standards their organization requires.
The detail relevant to a specific procurement, deployment, or due-diligence process is provided privately. To request our full Information Security documentation, write to us with a brief description of the procurement context.
RedRadar's security program is built around a small number of principles that govern how we design, operate, and evolve the platform.
Least privilege by default. Access to systems, data, and infrastructure is granted only where necessary, and only at the level required for the role. Privileged access is logged, audited, and reviewed.
Defense in depth. No single control is treated as sufficient. Network, application, identity, and data layers each have independent controls, and the failure of any single layer does not result in loss of confidentiality, integrity, or availability.
Encryption as standard. Data in transit is encrypted using current industry standards. Data at rest is encrypted where the underlying infrastructure supports it. Key management follows industry best practice, with key rotation and access separation.
Operational discipline over operational theater. We design for the threats our clients actually face — including state-level adversaries — rather than for compliance checklists alone.
The platform is hosted in segregated regional environments to support data residency, latency, and continuity-of-operations requirements. Production environments are isolated from development and staging environments, with strict controls on the movement of data and code between them.
Access to production systems is controlled through identity and access management infrastructure with multi-factor authentication required for all administrative actions. Privileged access is time-bound, logged, and reviewed.
Backup and recovery procedures support continuity of operations across regional infrastructure events, with regular verification of restore integrity.
The data that flows through the RedRadar platform when a client conducts intelligence work is governed by the contract between RedRadar and that client, including any Data Processing Addendum. The controller / processor distinction is described in our Privacy Statement, Section 11.
Within RedRadar's own systems, data is segregated by client and by environment. Internal access to client environments is limited to personnel with a documented operational need and is logged for audit.
We do not use client data to train automated systems, machine learning models, or large language models, and our Acceptable Use Policy prohibits clients from doing so with the output of the Services.
RedRadar uses third-party infrastructure and service providers for hosting, identity, monitoring, and supporting functions. Each material sub-processor is subject to contractual data protection and security obligations. A current sub-processor list is available on request.
Where a vendor's posture or jurisdiction does not meet the standards required for a specific client engagement, the deployment for that engagement is structured to avoid reliance on that vendor.
All RedRadar personnel — employees, contractors, and advisors — are subject to confidentiality obligations and security responsibilities as a condition of engagement. For roles involving access to client data or sensitive systems, additional verification, screening, and training requirements apply, as described in our Candidate Privacy Notice.
Security training is delivered to all personnel at onboarding and on a recurring basis, with role-specific training for engineering, operations, and client-facing personnel.
RedRadar maintains an incident response process designed to detect, contain, investigate, and remediate security events affecting the platform, our infrastructure, or our clients. The process includes:
In the event of a confirmed incident affecting client data, we notify affected clients in accordance with the terms of their agreement and applicable law, with the timeliness those terms require.
RedRadar's security program is designed to support compliance with the regulatory regimes applicable to our clients, including data protection law in Israel, the EU, the UK, and the United States.
Where a client's procurement process requires specific certifications, audits, or assessments, RedRadar engages those processes on a per-engagement basis. To discuss a specific compliance or assurance requirement, write to us.
RedRadar's clients operate in environments where adversary attention is a routine consideration, and so does RedRadar. We design the platform, our infrastructure, and our internal processes with that reality in mind. The specific controls, methodologies, and detection capabilities we maintain to protect against state-level adversaries are not described publicly, but are documented in our private security documentation and discussed with clients during procurement if required.
© 2026 RedRadar Technologies Ltd. All rights reserved.