Trust Center
Our security posture, compliance certifications, and data handling practices.
Compliance & Certifications
GDPR / DSGVO
Full compliance with EU General Data Protection Regulation. DPA available on request.
ISO 27001
Information security management certification planned for 2027.
Infrastructure Security
MicroVM Isolation
Every workload runs in a dedicated Firecracker microVM with its own kernel.
EU-Only Data Centers
All infrastructure operates exclusively within EU jurisdiction.
Encryption
AES-256 at rest, TLS 1.3 in transit. Keys managed in EU-based HSMs.
Network Segmentation
Strict tenant isolation with zero-trust networking between workloads.
Automated Patching
Security patches applied automatically within 24 hours of release.
Immutable Infrastructure
VMs are rebuilt from scratch on every deploy — no drift, no residual state.
Data Handling
Data Residency
Customer data never leaves EU jurisdiction. Processing and storage exclusively in EU data centers.
Data Retention
Data deleted within 30 days of account termination. Backups purged within 90 days.
Access Controls
Role-based access with MFA enforced. All access logged and auditable.
Backups
Encrypted daily backups with 30-day retention. Stored in a separate EU region.
Sub-processors
We use a minimal set of sub-processors, all based in the EU or operating under EU-adequate data protection.
| Name | Purpose | Location | DPA |
|---|---|---|---|
| Hetzner Online GmbH | Infrastructure & compute | Germany | Achieved |
Incident Response
We maintain a documented incident response plan with defined escalation procedures and regular tabletop exercises.
Monitoring & Status
Continuous monitoring across all infrastructure components.
Request Documentation
Need our SOC 2 report, DPA, or security questionnaire responses? We're happy to share.