Trust Center

Our infrastructure is designed with security as a first principle:

• All data encrypted in transit (TLS 1.3) and at rest.
• Infrastructure hosted in EU data centers with SOC 2 Type II certified providers.
• Automated vulnerability scanning and dependency monitoring.

We handle your data with care and transparency:

• GDPR-compliant data processing with clear legal bases.
• Data minimization — we only collect what we need.
• Transparent data retention and deletion policies.

We align with recognized standards and frameworks:

• GDPR — full compliance as an EU-based company.
• OWASP Top 10 — our development follows secure coding practices.
• Regular security audits and penetration testing.

We enforce strict access controls including role-based access, multi-factor authentication for all internal systems, and the principle of least privilege. Access to production systems is logged and audited.

We maintain a documented incident response plan with defined escalation paths, communication protocols, and post-incident review processes. Security incidents are communicated transparently to affected parties.

All third-party vendors and service providers are evaluated for security practices and bound by data processing agreements. We regularly review vendor security posture and compliance.

To report a security concern or request our security documentation, contact us at [email protected].