Security is built in.
From day one.
The data we process.
We process face scans, voice recordings, transcripts, your location , and your SIA licence details. Below, you can see where each type of data is stored and how we protect it.
Your data stays in the UK
Below is a list of the partners that help us run OnSiren. Some store your data, others only handle small operational bits of it.
| Company | Purpose |
|---|---|
| Cloud hosting, AI inference (Bedrock), face-liveness detection (Rekognition), object storage (S3), and text-to-speech (Polly). London region (eu-west-2). | |
| Claude foundation models for the Alpha-1 dispatcher. Accessed through AWS Bedrock (in eu-west-2) prompts and completions stay inside AWS infrastructure and are not used to train Anthropic or Amazon models. | |
| Speech-to-text, text-to-speech, and the Alpha-1 Voice Agent. Routed through Deepgram’s EU endpoint. | |
| Primary relational database (Amazon RDS, eu-west-2). TLS in transit, certificate verification on. | |
| In-memory cache, session store, and BullMQ job-queue backing. eu-west-2. | |
| Self-hosted WebRTC transport for push-to-talk audio. UK or EU infrastructure. | |
| SMS one-time-password delivery. Phone number plus the message body (OTP codes today). | |
| Abuse and bot mitigation on phone OTP and the public claim flow. | |
| Identity provider for the admin console. Staff only; officers never see it. | |
| Optional operator notifications for the claim funnel. Off by default; phone numbers and emails are partial-masked. | |
| Transactional email delivery for system messages and OTP fallback. EU-incorporated (Czech Republic). | |
| Planned. Tag management container for analytics scripts on the landing site. Loads only after cookie consent. | |
| Planned. Aggregated visitor analytics on the landing site. Will be installed with IP anonymisation enabled, Google Signals off, and Demographics / Interest reporting off. |