Skip to main content

Our Security Measures (Technical and Organisational Measures – TOMs)

TLS Encryption & Access Controls

TLS/SSL for all transmissions; AES-256 at rest
Strict role-based access (least privilege)
Multi-factor authentication (MFA)
Tenant-level data separation and isolated runtime environments

ISO 27001 Alignment

Hosted in ISO 27001–certified EU data centers (e.g., Azure, Hetzner)
Security management aligned with ISO 27001 principles
(regular reviews, risk analysis & control assessments)

Logging, Monitoring, Alerting

Comprehensive audit logs (access/changes)
Continuous monitoring with automated alerts
DDoS protection and rate limiting

Employee Training & Role Principle

Confidentiality commitments for all employees
Recurring privacy/security training
Need-to-know and dual-control in sensitive areas

Data protection by design & by default

Data minimisation, pseudonymisation/encryption
EU-only processing, customer-controlled retention/deletion
No AI training on customer data; no processing for our own business purposes

Full details are provided in Appendix 1 (TOMs) of the DPA.

TLS Encryption & Access Controls
ISO 27001 Alignment
Logging, Monitoring, Alerting
Employee Training & Role Principle
Data protection by design & by default