Skip to main content
ComplicerAUDIT GRADE
MethodologyUse casesEU AI ActPricingBlogDocsSign inSTART FREE AUDIT
Security

Security is in our DNA

As a compliance automation platform, we hold ourselves to the highest security standards. Your data protection is not just a feature — it's the foundation of everything we build.

Encryption

AES-256 + TLS 1.3

Data residency

EU (Frankfurt)

Uptime SLA

99.9%

Evidence

SHA-256 + Ed25519

How we protect your data

A multi-layered approach to security across every level of the platform.

Encryption

All data is encrypted both at rest and in transit using industry-leading standards.

  • AES-256 encryption at rest for all stored data
  • TLS 1.3 for all data in transit
  • End-to-end encryption for sensitive audit data
  • Encryption keys managed via hardware security modules (HSMs)

Infrastructure

Enterprise-grade infrastructure hosted entirely within the European Union.

  • Primary data centers in Frankfurt, Germany (EU)
  • Hosting provider (Fly.io) maintains its own compliance posture for the layers it operates
  • Redundant infrastructure with automatic failover
  • Network-level DDoS protection and WAF

Access control

Granular access controls ensure only authorized users can access your data.

  • Role-based access control (RBAC) for all accounts
  • Multi-factor authentication (MFA) support
  • SSO integration (Azure AD, Okta) for Enterprise
  • Session management with automatic timeout

Compliance

We hold ourselves to the same compliance standards we help you achieve.

  • GDPR-aligned data processing
  • Tamper-evident evidence: SHA-256 hash-chained + Ed25519-signed
  • No SOC 2 / ISO 27001 yet — we will not claim a control we have not been awarded
  • Data Processing Agreements (DPAs) available

Incident response

A dedicated incident response process ensures rapid detection and resolution.

  • 24/7 automated threat monitoring and alerting
  • Documented incident response playbooks
  • Notification within 72 hours per GDPR requirements
  • Post-incident review and public disclosure process

Penetration testing

Regular security testing by independent third-party experts.

  • Annual penetration tests by accredited third parties
  • Continuous automated vulnerability scanning
  • OWASP Top 10 coverage in all assessments
  • Findings remediated within defined SLA timelines

Data backup

Comprehensive backup strategy ensures your data is always recoverable.

  • Automated daily backups with point-in-time recovery
  • Backups encrypted and stored in separate EU region
  • Regular backup restoration testing
  • Recovery Point Objective (RPO) of 1 hour

Responsible disclosure

We welcome security researchers and maintain a responsible disclosure program.

  • Dedicated security contact: [email protected]
  • Acknowledgment within 24 hours of report
  • Safe harbor for good-faith security research
  • Public Hall of Fame for verified disclosures

Download our security whitepaper

Get a detailed overview of our security architecture, compliance certifications, and data protection measures in a single document.

No email required. Free to download.

Report a vulnerability

Found a security issue? We appreciate responsible disclosure. Please report vulnerabilities to our security team and we will respond within 24 hours.

[email protected]

Security questions?

Have questions about our security practices or need our Data Processing Agreement? Our team is happy to help with any security-related inquiries.

Contact our security team
ComplicerAUDIT GRADE

Outcome-driven GDPR compliance — banners that actually work, evidence you can show your auditor.

GDPR-ALIGNED · SHA-256 · Ed25519 · EU-W1
PRODUCT
Free scanUse casesMethodologyEU AI ActPricingDocsBlog
COMPANY
ContactSecurity
LEGAL
PrivacyTermsComplaint
EVIDENCE CHAIN INTACT · SHA-256 · Ed25519 · RFC 3161-READY© 2026 COMPLICER