Data & Security
The registrations, certifications and standards behind the Tyst platform, and what each one actually means for your data.
Who builds and runs Tyst
Tyst is a Four Fjord product. The platform itself, the Android app, the web dashboard at app.tyst.uk and this website, is designed, built and operated by ReflowAI, our technology partner and webmaster.
Because ReflowAI runs the systems that handle your data, it is ReflowAI that holds the data-protection registration and cyber-security certifications on this page. Everything below is registered to ReflowAI and covers the infrastructure that powers Tyst.
UK data protection
Registered with the ICO
ReflowAI is registered with the Information Commissioner's Office (ICO), the UK's independent regulator for data protection, under registration number ZC176661.
Every UK organisation that processes personal data must register with the ICO and pay a data-protection fee. For you as a Tyst user, our registration means:
- Lawful basis for processing, personal data handled through Tyst is processed under the lawful bases set out in UK GDPR and the Data Protection Act 2018, exactly as described in our privacy policy.
- GDPR accountability, ReflowAI appears on the ICO's public register and is answerable to the regulator for how data is collected, stored and used.
- Right to complain to the ICO, if you are ever unhappy with how your data is handled, raise it with us first, and you always have the right to complain directly to the ICO.
Certified
Cyber Essentials
Cyber Essentials is the UK government-backed cyber-security certification scheme, run by the National Cyber Security Centre (NCSC) and delivered through IASME. To be certified, an organisation must demonstrate five technical controls that stop the most common cyber attacks:
- Firewalls, every internet connection is protected by a correctly configured firewall.
- Secure configuration, systems are set up to minimise vulnerabilities, with default passwords, sample accounts and unused services removed.
- User access control, access to data and services is limited to the people who actually need it, with administrator rights tightly controlled.
- Malware protection, devices are defended against malware and untrusted software.
- Security update management, software is kept up to date and security patches are applied promptly.
ReflowAI holds Cyber Essentials certification. For Tyst users, that means the systems storing your schedules, job evidence and account data are assessed against the NCSC's baseline and re-certified every year, independently verified, not just our own say-so.
Our live Cyber Essentials certificate, issued through the IASME / BlockMark registry. Click the badge to verify it at source.
Working towards ISO 27001
ISO/IEC 27001 is the leading international standard for information security management systems (ISMS). Where Cyber Essentials checks a defined set of technical controls, ISO 27001 goes much further: it requires a complete management system for security, covering people, processes and technology, built on continuous risk assessment and improvement, and verified by an independent accredited auditor.
We do not hold ISO 27001 certification yet, and we won't claim it until an auditor says so. ReflowAI is currently building its ISMS and working towards certification. We will update this page as we progress.
Questions about our data handling in the meantime? Read the privacy policy or contact us.