Compliance & Standards
Last Audit: 22 April 2026
We perform continuous automated security scanning to ensure our platform aligns with international standards.
ISO 27001 Aligned
OWASP Top 10 Defense
UK GDPR Compliant (Ref: ZC077507)
Secure Coding (A.8.28)
Your Data Rights (UK GDPR)
As a user of this platform, you have specific rights regarding your personal data. We are committed to facilitating these rights efficiently.
1. Subject Access Request (SAR)
You have the right to request a copy of all personal data we hold about you. This is free of charge and will be provided within 30 days.
- To make a request, please email our Data Protection team directly.
- Please use the subject line: "Subject Access Request - [Your Name]".
2. Make a Complaint
If you have concerns about how your data is handled, please contact us first so we can resolve the issue immediately.
If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).
- Internal: Email security@ratemymarstons.co.uk
- External (ICO): Call 0303 123 1113 or visit ico.org.uk/complaints.
Infrastructure & Sovereignty
We leverage enterprise-grade hosting to ensure your data remains secure and sovereign.
- UK Data Sovereignty: Hosted via Fasthosts in Gloucester & London. Your data never leaves the UK.
- Green Hosting: Powered by 100% renewable energy.
- Physical Security: Our data centers are ISO 27001 certified and rated Tier IV for reliability.
Privacy & Anonymity
Your identity is our priority. We have designed our system to strip metadata from public reviews.
- Encryption in Transit: We enforce HSTS (HTTP Strict Transport Security) to ensure all connections are encrypted via TLS 1.2+.
- No IP Logging: We do not store IP addresses alongside public review data to ensure anonymity.
- XSS Protection: We implement Content Security Policies (CSP) to prevent malicious script injection.
Responsible Disclosure Policy
We welcome the contribution of security researchers. If you identify a vulnerability (e.g., OWASP Top 10 issues), please report it.
Safe Harbor
We will not pursue legal action against researchers who report issues in good faith to security@ratemymarstons.co.uk and avoid accessing user data.