Security

Last updated: January 2026

Your data security matters to us. This page explains in plain language how we protect our service and your information.

Where Is Your Data?

🇫🇮

In Finland, Tuusula

All our services and your data are located at Hetzner Data Center Park Helsinki in Tuusula. Your data never leaves the EU/EEA.

Hetzner Data Center Park Helsinki
Huurrekuja 10, 04360 Tuusula

How Do We Protect Your Data?

Encryption

✓In transit: All connections are encrypted (TLS 1.3). You can see this from the lock icon in your browser.
✓At rest: Server disks are encrypted. Physical theft of a hard drive won't expose your data.
✓Passwords: Your passwords are stored hashed (bcrypt) – we can't read them ourselves.

Access Control

✓Only a few people have access to production servers
✓Administrative access requires two-factor authentication (2FA)
✓Access is granted on a least-privilege basis – access only to what's needed

Monitoring & Logging

✓We monitor service status 24/7 with automated checks
✓We log important events (logins, changes, errors)
✓We receive automatic alerts for anomalies

Updates & Maintenance

✓Security updates are installed promptly
✓We use automated vulnerability scanning
✓Critical updates are applied within 24 hours of release

Backups

Backup coverage depends on your service tier:

Free Tier

No backups included. You're responsible for backing up your own data.

Business Tier (Backup Add-on)

Frequency: Daily
Retention: 14 days
Restore time: Typically 1-4 hours
Location: Separate location in Finland

Note: Backups include database and file data. Restoration is done via support request.

What If Something Goes Wrong?

Security Incident

If we detect a security issue that may affect your data, we'll notify you within 72 hours per GDPR. We'll explain what happened, what data was involved, and what actions we've taken.

Service Outage

We continuously monitor service status. We'll notify you of outages via email and on our website if needed. Business customers receive credits for prolonged outages.

Your Responsibility

Security is a shared responsibility. You can improve your own security by:

•Using a strong, unique password for your account
•Not sharing your credentials with others
•Keeping passwords for deployed software safe
•Free tier: making your own backups

Our Service Providers

We use the following trusted service providers:

Provider	Purpose	Location
Hetzner	Server infrastructure	Finland (Tuusula)
Stripe	Payment processing	EU
SendGrid	Email delivery	EU
Fathom Analytics	Analytics (cookieless)	EU

All our subprocessors are GDPR-compliant and process data within the EU/EEA.

Report a Security Issue

If you discover a security issue or vulnerability, please report it to us:

Email: [email protected]

We respond to security reports with priority and will keep you informed of remediation efforts.

Security Questions?

If you have questions about our security practices or need more information for procurement decisions, contact:

[email protected]

Our security practices are designed following ISO/IEC 27001 control categories. We are not certified, but we follow the standard's principles in our practices.