Security isn’t just a feature – it’s the foundation
German servers, AES-256-GCM encryption, role-based access control and GDPR compliance. Your data is safe with us.
Wie wir deine Daten schützen
Mehrschichtige Sicherheitsarchitektur
AES-256-GCM encryption
All sensitive data is stored in encrypted form using AES-256-GCM – the same standard used by banks and governments.
German servers
All data is stored and processed exclusively on German servers. Full GDPR compliance is guaranteed.
RBAC with over 40 permissions
A granular role-based system with over 40 individual permissions. Control exactly who is allowed to view and edit what.
Multi-tenant isolation
5-layer security model: authentication, server organisation resolution, database organisation check, no S3 key exposure, S3 key organisation validation.
Rate-Limiting & Brute-Force-Schutz
Sliding-window rate limiting on all public endpoints. Protection against login brute-force attacks, password spraying and API abuse.
File security
MIME blocklist for dangerous file types (HTML, SVG, EXE, etc.). No direct S3 access – all downloads via authenticated API proxies.
Security FAQ
All data is stored on German servers hosted by Hetzner. Hetzner operates ISO 27001-certified data centres in Germany.
Yes. German servers, encrypted storage, data processing agreement (DPA) available, right to erasure implemented, no transfer to third countries.
Passwords are stored in hashed form using bcrypt – never in plain text. We also support password-free login via Magic-Link.
We have a documented incident response process. Affected customers are notified within 72 hours, as required by the GDPR.
Security you can trust
Start with the peace of mind that your data is in safe hands.