Security is built into every GestWave product.
GestWave is designed to protect the data and operations of the organizations that rely on it — with encryption, strong authentication, tenant isolation and continuous monitoring across the whole platform.
This page is maintained by ARP Group Ltd to answer common security questions about GestWave products.

The controls that protect your data every day.
GestWave products share a common operational core. That means the same security controls apply consistently across Edupro, VLE and every future vertical we release.
Encryption in transit and at rest
All traffic between your users and GestWave is protected with TLS. Databases, backups and object storage are encrypted at rest using modern industry-standard algorithms.
Tenant isolation by design
Each customer's data is logically isolated. Row-level security policies are enforced at the database layer, so a request can only ever see records that belong to its own tenant.
Strong authentication
Email + password with modern password hashing, optional single sign-on, and protection against known-breached passwords. Session tokens are short-lived and rotated automatically.
Granular roles and permissions
Roles are stored in a dedicated, server-verified table and evaluated on every request. Admin actions are gated by explicit checks — never by client-side flags.
Hardened cloud infrastructure
GestWave runs on managed cloud infrastructure operated by leading providers with enterprise-grade physical security, network protection and DDoS mitigation.
Continuous monitoring
Application logs, error events and unusual access patterns are continuously observed so anomalies can be detected and investigated quickly.
Enterprise-grade cloud, without the operational burden.
GestWave is delivered as a fully managed SaaS. Compute, storage and networking run on top-tier cloud providers with certified data centers, redundant power, physical access controls and 24/7 monitoring. Backups are automated and encrypted, and the platform is architected for high availability.
Managed cloud
Trusted providers with certified data centers.
Encrypted backups
Automated, encrypted, regularly tested.
High availability
Designed to keep operations running.
DDoS mitigation
Network-level protection at the edge.
Security is a habit, not a checklist.
Every change to GestWave goes through the same rigorous process, from the first line of code to production release.
Secure by design
Security requirements are considered from the earliest stages of every feature, not bolted on at the end.
Automated checks
Every change goes through automated scans for common vulnerabilities, dependency issues and misconfigurations before it can reach production.
Reviewed rollouts
Changes are peer-reviewed and released progressively, with the ability to roll back quickly if an issue is detected.
Least-privilege access
Internal access to production environments is restricted, individually authenticated and logged.
Your data stays yours.
Customer data in GestWave is processed only to deliver the service you subscribed to. We do not sell customer data and we do not use it to train third-party models. Access to production data is restricted to a limited number of authorized people, on a least-privilege basis, and every access is logged.
- Data is stored within the regions declared in your service agreement.
- Retention periods and deletion rules follow your instructions as data controller.
- Export and deletion of your data are available on request.
We secure the platform. You secure your workspace.
Security is a shared responsibility. GestWave protects the underlying platform — infrastructure, application code, encryption and monitoring. Customers are responsible for managing their own users, roles, passwords and the content they upload.
GestWave
Platform, infrastructure, application security, encryption, monitoring.
Customer
User management, role assignments, password hygiene, uploaded content.
Prepared, transparent, accountable.
We maintain an incident response process to detect, contain and recover from security events, and to notify affected customers in line with applicable regulations and contractual commitments.
Report a security concern
If you believe you have found a vulnerability in a GestWave product, please contact our team so we can investigate quickly. Please do not test against production data belonging to other customers.
Contact the security team
Compliance & documentation
Additional documentation — including data processing agreements and information about subprocessors — is available to customers and prospects on request.
Request documentation
Have a security question?
Our team is happy to walk you through our controls, compliance posture and shared responsibility model.
