Security & Compliance
Your data belongs to you.
A sovereign infrastructure, hosted in Europe, that meets the most stringent financial standards. Security isn't just a feature, it's our foundation.
Six pillars, zero compromises
How We Protect Your Data.
European Sovereignty
- Infrastructure designed, operated, and hosted in Europe
- No operational copies outside the EU
- Full GDPR compliance, without exception
End-to-end encryption
- TLS 1.3 for all communications
- AES-256 for data at rest
- Automatic Rotation of Cryptographic Keys
Financial Compliance
- PSD2 Standards for Payments
- PCI-DSS Level 1 for Card Processing
- Regular security audits conducted by independent third parties
Access Control
- Two-factor authentication everywhere
- Single Sign-On (SSO) for Enterprise Plans
- Comprehensive access logging and auditing
Default Privacy Settings
- We never sell data, ever
- Minimization: We collect only what is necessary
- Right to Full Deletion Within 30 Days
Business Continuity & Backups
- Encrypted backups every hour
- Disaster Recovery Plan (RPO < 1 hour, RTO < 4 hours)
- Multi-zone replication for high availability
Responsible Disclosure
Have you identified a vulnerability?
We would like to thank security researchers who take the time to report vulnerabilities to us. All serious reports are treated as a priority and handled confidentially.
Commitment
- Confirmation of receipt within 48 hours
- Regular updates on progress
- Public recognition with your consent
- Rewards for Critical Vulnerabilities