Security
How we protect your data and infrastructure
Security is fundamental to how Support King operates. Our Studio Diagnostics application and support infrastructure are built with defence-in-depth principles, ensuring your data is protected at every layer — from the application on your Mac to our cloud infrastructure.
1. Application Security
- Apple Notarisation: Studio Diagnostics is notarised by Apple, confirming it is free from known malware and has passed Apple's automated security checks.
- Code Signing: The application is signed with a verified Apple Developer certificate.
- macOS Keychain: Licence keys and authentication credentials are stored securely in the macOS Keychain — never in plain text or configuration files.
- Minimal Permissions: The application requests only the permissions necessary for system diagnostics. It does not access personal files, project files, or session data.
2. Data in Transit
- TLS 1.3: All data transmitted between Studio Diagnostics and our infrastructure is encrypted using TLS 1.3.
- Certificate Pinning: API endpoints use Cloudflare-managed TLS certificates.
- Authenticated Requests: Every diagnostic report submission is authenticated with a valid licence key.
3. Data at Rest
- Encrypted Storage: All diagnostic data is encrypted at rest on our infrastructure.
- EU Data Residency: Data is processed and stored within the European Union.
- Access Controls: Data access is restricted to authorised Support King engineers assigned to your account.
4. Infrastructure
Our backend services are hosted on Cloudflare's global network, benefiting from enterprise-grade security controls:
- SOC 2 Type II certified
- ISO 27001 certified
- DDoS protection at the network edge
- Web Application Firewall (WAF) protecting API endpoints
5. GDPR Compliance
Support King is fully committed to compliance with the UK General Data Protection Regulation (UK GDPR):
- We collect only system configuration data — never personal files or content
- Data collection requires explicit consent via the application's first-run prompt
- Clients may request access, correction, or deletion of their data at any time
- Our data processors (Cloudflare, Resend, Slack) maintain their own GDPR compliance and appropriate certifications
For full details, see our Privacy Policy.
6. Incident Response
In the unlikely event of a security incident affecting client data, we will:
- Notify affected clients within 72 hours, in accordance with UK GDPR requirements
- Provide a clear description of the incident, data affected, and remediation steps
- Report to the Information Commissioner's Office (ICO) where required
7. Request Full Security Specification
We maintain a comprehensive Security Specification document (SK-SEC-001) that provides full technical details of our security controls, data flow diagrams, and compliance measures.
To request a copy of the Security Specification or to discuss a Data Processing Agreement (DPA), please contact:
Email: support@supportking.co.uk