Last updated: 29 May 2026
Easycore Ltd is committed to maintaining high standards of data protection, transparency, and security.
This page describes the infrastructure used to operate Easycore services and the third-party providers involved in delivering our platform.
Easycore operates a strictly layered architecture. Each layer has a single responsibility and cannot reach beyond it. This is the same model described in our internal engineering rules and is enforced at the code level.
The public website at easycore.co.uk is served by our website hosting provider. It serves the public website, customer portal, and chat widget files only.
This layer holds no customer data, runs no application logic, and has no database access. If it were fully compromised, no customer data would be exposed because none lives there.
The public entry point for all application traffic is ec.easycore.co.uk. It terminates TLS, authenticates incoming requests, validates their structure, applies rate limiting, signs them, and forwards them to the next layer over an encrypted private channel.
The gateway holds no customer business or application data on a persistent basis — only temporary operational logs required for security, monitoring, and troubleshooting — and contains no business logic. It exists to keep the AI servers off the public internet.
All customer data, business logic, and database access live exclusively on AI servers physically operated and controlled by Easycore Ltd in the United Kingdom. These servers are not publicly accessible from the internet; they only accept signed traffic that has passed through the public application gateway.
The AI server is the single source of truth for the database, business rules, and resource ownership. It enforces tenant scoping, field-level authorisation, and validation. The gateway cannot bypass these checks.
Artificial intelligence features used by Easycore operate on dedicated AI servers managed by Easycore Ltd.
AI processing is performed in-house on dedicated servers operated by Easycore Ltd in the United Kingdom. Conversation and customer data processed by our AI is not transmitted to external AI model providers for inference or training purposes.
These systems process:
AI processing infrastructure is isolated from public access and protected using security controls including restricted access, encryption, and system monitoring.
Easycore uses carefully selected third-party providers to support platform functionality.
These providers may process limited amounts of data strictly for delivering their services.
Used for payment processing.
Stripe processes billing information and subscription payments.
Website: https://stripe.com
Used for messaging services including:
Website: https://twilio.com
Used for messaging integrations including:
Website: https://meta.com
Used for:
Website: https://google.com
Used for push notifications to iOS devices where the iOS app is offered. iOS push is delivered through Firebase Cloud Messaging's Apple Push Notification service bridge rather than a direct integration.
Website: https://apple.com
Used for hosting the public-facing static website and frontend (Layer 1 above). It does not have access to customer data or business logic — those live on the Easycore-owned AI servers (Layer 3 above).
Used for the public application gateway (Layer 2 above). It holds no customer business or application data on a persistent basis (only temporary operational logs) and contains no business logic.
Easycore systems are designed to keep customer data logically separated.
This means:
Easycore implements multiple security controls including:
These measures help protect customer data and maintain service reliability.
Primary data storage occurs within the United Kingdom.
Some subprocessors may process data globally depending on their infrastructure.
All providers operate under their own privacy and security frameworks.
This page may be updated as Easycore infrastructure evolves or additional providers are added.
The latest version will always be available on the Easycore website.