Security

Security is in our DNA

As a compliance automation platform, we hold ourselves to the highest security standards. Your data protection is not just a feature — it's the foundation of everything we build.

Encryption

AES-256 + TLS 1.3

Data residency

EU (Frankfurt)

Uptime SLA

99.9%

Compliance

GDPR + SOC 2

How we protect your data

A multi-layered approach to security across every level of the platform.

Encryption

All data is encrypted both at rest and in transit using industry-leading standards.

AES-256 encryption at rest for all stored data
TLS 1.3 for all data in transit
End-to-end encryption for sensitive audit data
Encryption keys managed via hardware security modules (HSMs)

Infrastructure

Enterprise-grade infrastructure hosted entirely within the European Union.

Primary data centers in Frankfurt, Germany (EU)
SOC 2 Type II certified hosting provider
Redundant infrastructure with automatic failover
Network-level DDoS protection and WAF

Access Control

Granular access controls ensure only authorized users can access your data.

Role-based access control (RBAC) for all accounts
Multi-factor authentication (MFA) support
SSO integration (Azure AD, Okta) for Enterprise
Session management with automatic timeout

Compliance

We hold ourselves to the same compliance standards we help you achieve.

GDPR compliant data processing
SOC 2 Type II certification (in progress)
Annual third-party security audits
Data Processing Agreements (DPAs) available

Incident Response

A dedicated incident response process ensures rapid detection and resolution.

24/7 automated threat monitoring and alerting
Documented incident response playbooks
Notification within 72 hours per GDPR requirements
Post-incident review and public disclosure process

Penetration Testing

Regular security testing by independent third-party experts.

Annual penetration tests by accredited third parties
Continuous automated vulnerability scanning
OWASP Top 10 coverage in all assessments
Findings remediated within defined SLA timelines

Data Backup

Comprehensive backup strategy ensures your data is always recoverable.

Automated daily backups with point-in-time recovery
Backups encrypted and stored in separate EU region
Regular backup restoration testing
Recovery Point Objective (RPO) of 1 hour

Responsible Disclosure

We welcome security researchers and maintain a responsible disclosure program.

Dedicated security contact: [email protected]
Acknowledgment within 24 hours of report
Safe harbor for good-faith security research
Public Hall of Fame for verified disclosures

Download our security whitepaper

Get a detailed overview of our security architecture, compliance certifications, and data protection measures in a single document.

No email required. Free to download.

Report a Vulnerability

Found a security issue? We appreciate responsible disclosure. Please report vulnerabilities to our security team and we will respond within 24 hours.

[email protected]

Security Questions?

Have questions about our security practices or need a copy of our SOC 2 report? Our team is happy to help with any security-related inquiries.

Contact our security team

Security

Security is in our DNA

As a compliance automation platform, we hold ourselves to the highest security standards. Your data protection is not just a feature — it's the foundation of everything we build.

Encryption

AES-256 + TLS 1.3

Data residency

EU (Frankfurt)

Uptime SLA

99.9%

Compliance

GDPR + SOC 2

How we protect your data

A multi-layered approach to security across every level of the platform.

Encryption

All data is encrypted both at rest and in transit using industry-leading standards.

AES-256 encryption at rest for all stored data
TLS 1.3 for all data in transit
End-to-end encryption for sensitive audit data
Encryption keys managed via hardware security modules (HSMs)

Infrastructure

Enterprise-grade infrastructure hosted entirely within the European Union.

Primary data centers in Frankfurt, Germany (EU)
SOC 2 Type II certified hosting provider
Redundant infrastructure with automatic failover
Network-level DDoS protection and WAF

Access Control

Granular access controls ensure only authorized users can access your data.

Role-based access control (RBAC) for all accounts
Multi-factor authentication (MFA) support
SSO integration (Azure AD, Okta) for Enterprise
Session management with automatic timeout

Compliance

We hold ourselves to the same compliance standards we help you achieve.

GDPR compliant data processing
SOC 2 Type II certification (in progress)
Annual third-party security audits
Data Processing Agreements (DPAs) available

Incident Response

A dedicated incident response process ensures rapid detection and resolution.

24/7 automated threat monitoring and alerting
Documented incident response playbooks
Notification within 72 hours per GDPR requirements
Post-incident review and public disclosure process

Penetration Testing

Regular security testing by independent third-party experts.

Annual penetration tests by accredited third parties
Continuous automated vulnerability scanning
OWASP Top 10 coverage in all assessments
Findings remediated within defined SLA timelines

Data Backup

Comprehensive backup strategy ensures your data is always recoverable.

Automated daily backups with point-in-time recovery
Backups encrypted and stored in separate EU region
Regular backup restoration testing
Recovery Point Objective (RPO) of 1 hour

Responsible Disclosure

We welcome security researchers and maintain a responsible disclosure program.

Dedicated security contact: [email protected]
Acknowledgment within 24 hours of report
Safe harbor for good-faith security research
Public Hall of Fame for verified disclosures

Download our security whitepaper

Get a detailed overview of our security architecture, compliance certifications, and data protection measures in a single document.

No email required. Free to download.

Report a Vulnerability

Found a security issue? We appreciate responsible disclosure. Please report vulnerabilities to our security team and we will respond within 24 hours.

[email protected]

Security Questions?

Have questions about our security practices or need a copy of our SOC 2 report? Our team is happy to help with any security-related inquiries.

Contact our security team