Trust, compliance, and data governance

Midday Digital is a trading name of Growcreate Limited (Company No. 08008475). All our digital services, deployments, and specialised technical systems operate under Growcreate’s governance framework. We deliver the absolute data security and operational resilience that modern boards, regulators, and legal teams require.

Our Information Security credentials

We enforce strict technical and administrative barriers across our workflows to keep client data secure, monitored, and immutable.

• ISO/IEC 27001:2022 Certification: Our core operational systems, data management policies, and engineering workflows conform to the globally recognised ISO 27001 framework for Information Security Management Systems (ISMS).

• Cyber Essentials Certified: We maintain active Cyber Essentials compliance, verifying fundamental baseline technical defences (firewalls, patch management, access controls) against common internet-borne threats.

• ICO Registered under registration number Z3122177: Growcreate Limited is fully registered with the Information Commissioner’s Office (ICO) under registration number Z3122177, strictly adhering to UK GDPR requirements and statutory data protection mandates.

Operational resilience & SLAs

Traditional outsourcing relies on a "best effort" philosophy. Midday operates under legally binding Service Level Agreements (SLAs) designed to eliminate system drift and protect business revenue.

• Guaranteed Incident Response: Critical (P1) anomalies or intrusions are triaged and acted upon within 15 minutes by senior operations teams using 24/7 logging tools.

• Infrastructure Availability: We architect production systems and custom web applications to deliver a 99.95%+ uptime target using multi-region redundancy, automated geo-replication, and continuous health testing.

• Aligned with the Financial Conduct Authority (FCA) Operational Resilience Framework: Our business continuity blueprints, formal risk registers, and rapid disaster recovery plans meet operational resilience mandates set by UK regulators.

Technical add-ons & capabilities

Validated tech stack & integration mappings

Midday designs, integrates, and customises specialised technical architecture tailored to enterprise environments. We avoid locked-in vendor recommendations and maintain expert development capabilities across the following ecosystems:

• CRM & Pipeline Automation (Certified implementation, role-based access management, and bi-directional synchronisation with HubSpot); Sensitive Data Configurations; and Salesforce Trust and Compliance Architecture.

• Enterprise CMS Systems: Native deployment, custom portal architecture, and upgrades adhering to the official Umbraco Security Hardening Specifications and modern .NET headless configurations.

• Cloud Infrastructure & Hosting: Advanced architecture planning, cost optimisation, and deployment on Microsoft Azure Trust and Compliance Vaults and AWS, ensuring full data residency within the UK or EU boundaries.

Enterprise-grade AI safety and engineering frameworks

When we deploy standalone AI retrieval pipelines and automated agentic workflows, data protection and audit trails are non-negotiable. Our technical implementations isolate client assets from public data risks:

• Data Leakage Prevention: We build exclusively with private API layers, including OpenAI API Enterprise Data Controls and Microsoft Azure OpenAI Service Architecture, ensuring customer inputs are never used for public model training.

• Vector Infrastructure & RAG: Secure setup of vector databases, such as Pinecone, Weaviate, or Pgvector, using end-to-end data encryption in transit and at rest via TLS and Azure Transparent Data Encryption.

• Orchestration & Governance: System interactions are built on structured frameworks such as LangChain or LlamaIndex, incorporating automated guardrails, prompt filtering, and comprehensive data-flow mapping aligned with the statutory rules of the EU Artificial Intelligence Act Portal.

Defensive security & risk mitigation

We go beyond paper compliance to safeguard live customer assets from external threat vectors.

• Penetration Testing: We routinely engage independent CREST-Accredited Security Evaluators to run rigorous, third-party penetration assessments on our solutions, validating our engineering defences from an attacker’s perspective.

• Perimeter Protection: All solutions deploy Web Application Firewalls (WAFs), Multi-Factor Authentication (MFA) policies, and endpoint protections to mitigate SQL injection, cross-site scripting (XSS), and malicious DDoS attacks.

Our Southwest footprint

While Midday supports organisations across the UK, we maintain a dedicated physical presence and localised service for businesses and nonprofits throughout the Bath and Bristol corridors.

• Registered Office: Growcreate Limited, 18 Weavers Branch, Thame, England, OX9 2FQ, UK. (Verified via UK Companies House Corporate Registry).

• Regional Collaboration: We align with the Southwest technology ecosystem, working actively with local networks such as the Bristol Creative Industries Member Directory and regional enterprise boards to keep high-value digital skills centred in our communities.

Inclusive design & accessibility standards

Digital products must be universally usable and legally compliant with regional statutory access laws.

• WCAG 2.2 AA Compliance Standards: Every custom website design, interface layout, and conversion asset built by Midday is systematically engineered to meet the Web Content Accessibility Guidelines (WCAG) 2.2 Level AA.

• Structured Markup Governance: We enforce strict data structure validation—ranging from contrast controls to mandatory metadata parameters and clean accessibility trees—protecting your organisation against compliance exposure and ensuring an optimal experience for all users.