Security at WolfX
Last updated: June 2026
How does WolfX handle and store my data?
When you build a recovery case, you upload the records that support it — invoices, statements, contracts, delivery notes, reminders and correspondence. WolfX stores those records and the case data you create so you can reference them later, generate a Letter Before Action, or assemble a Court Readiness Pack.
Data is transmitted over encrypted connections (HTTPS/TLS) and held by our cloud infrastructure provider with encryption at rest. Each organisation's data is logically separated so that one customer's records are not exposed to another. We aim to keep only the data needed to run your recovery workflows, and we do not sell your data.
How do access control and authentication work?
Access to your workspace requires authentication. Within an organisation, access is governed by roles, so team members see and act on case data according to the permissions assigned to them. Our Team plan adds role-based access control (RBAC) for organisations that need finer-grained separation between, for example, operational, finance and viewer roles.
The table below summarises the main controls. Specific configuration depends on your plan and your organisation's setup.
| Control | What it does |
|---|---|
| Authenticated access | Users must sign in before reaching any case data. |
| Organisation isolation | Each organisation's records are logically separated from every other organisation. |
| Role-based permissions | Team-plan roles (e.g. finance, viewer) limit what each member can see and do. |
| Audit trail | Key actions on a case are recorded so activity can be reviewed internally. |
What is the Evidence Vault, and why does it fail closed?
The Evidence Vault is where the records that back a case are stored and referenced. It is designed as a read-only store for evidence: items are added when you build your case, then referenced — not silently altered — when you generate documents such as a Letter Before Action or a Court Readiness Pack.
The Vault is built to fail closed. If an access request cannot be authenticated, authorised, or validated — for example, a debtor-facing link that is missing, expired or tampered with — the default outcome is to deny access rather than serve the file. We would rather a legitimate user has to retry than risk exposing evidence to the wrong party.
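The fail-closed behaviour described above, sketched as an added example that is not WolfX's own code. It assumes links are signed with HMAC-SHA256; the parameter names `item`, `exp` and `sig`, the helper names and the demo key are hypothetical.

```python
import hashlib
import hmac
import time

# Constructed demo key (assumption); a real service loads this from a secret store.
SIGNING_KEY = b"demo-key-not-for-production"


def sign_link(item_id, expires_at, key=SIGNING_KEY):
    """Return a hex HMAC-SHA256 tag binding the item id to its expiry time."""
    msg = f"{item_id}\n{expires_at}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def check_link(params, now=None, key=SIGNING_KEY):
    """Validate link parameters. Only the single success path returns True;
    every other path, including unexpected errors, denies access."""
    now = time.time() if now is None else now
    try:
        item_id = params["item"]
        expires_at = int(params["exp"])
        tag = params["sig"]
        if not isinstance(item_id, str) or not isinstance(tag, str):
            return False, "malformed"
        expected = sign_link(item_id, expires_at, key)
        # Check the signature first, in constant time, so that an edited
        # expiry or item id is rejected before either value is trusted.
        if not hmac.compare_digest(expected, tag):
            return False, "tampered"
        if now >= expires_at:
            return False, "expired"
        return True, "ok"
    except KeyError:
        return False, "missing"
    except (ValueError, TypeError):
        return False, "malformed"
    except Exception:
        # Unknown failure: deny rather than serve the file.
        return False, "error"
```

The caller serves the file only when the first element of the result is `True`; the reason string is for the audit trail, not for the response shown to the requester.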
How does WolfX protect integrity with hashing?
For recovery evidence, it matters that a record has not changed since it was captured. WolfX can compute a cryptographic hash (a fixed-length fingerprint) of stored items. The same input always produces the same value, so if a file is later altered its hash changes, which makes tampering detectable.
Hashing supports the integrity of the evidence you reference in a Letter Before Action or a Court Readiness Pack. To be clear, a Court Readiness Pack is a prepared bundle for your own review, your solicitor's review, or a compliance review — it is not a court filing and not an official or certified court document.
What are my data rights?
The records in your workspace are your business records. You can reference and export the case data you create, and you can ask us to help with access and deletion in line with UK data-protection law. If you have a specific request about your data, contact us using the details below and we will respond.
On certifications: we take security seriously and treat recognised frameworks as a roadmap as the product matures. We do not claim to hold formal certifications (such as ISO 27001) that we have not been independently awarded, and this page does not assert any such certification.
How do I contact the security team?
If you have a security question, want to report a concern, or have a data request, email founder@usewolfx.com. Please include enough detail for us to locate the relevant workspace or case, and do not include passwords or other secrets in your message.
WolfX is software for evidence-backed invoice recovery workflows. WolfX is not a law firm, debt collection agency, court, or payment processor. This site provides general information, not legal advice.
Frequently asked questions
Is my data encrypted?
Yes. Data is transmitted over encrypted connections (HTTPS/TLS) and held with encryption at rest by our cloud infrastructure provider. Each organisation's data is logically separated from other organisations.
Who can access my evidence?
Access requires authentication, and within an organisation it is governed by roles. Team-plan role-based access control lets you limit what individual members can see and do. One organisation's records are not exposed to another.
What happens if a debtor link is invalid?
The Evidence Vault fails closed. If a debtor-facing link is missing, expired or tampered with, the request cannot be validated and access is denied by default rather than serving the file.