Skip to content
Pridonu

Integration

Security and data protection

Your documents hold sensitive data – invoices, contracts, personal information. That is why security is not an add-on module for us but the foundation: hosting in Germany, encryption, GDPR-compliant processes and transparency about how we work.

Infrastructure

Hosted in Germany

You decide where your documents are processed: in our SaaS environment in German data centres – or as Private SaaS entirely within your own infrastructure. You will find details of the options under Interface / Hosting.

Azure region in Germany

Our SaaS platform runs in German Microsoft Azure data centres. Your documents do not leave Germany.

Certified infrastructure

The underlying Azure infrastructure is certified to ISO 27001, among others, and attested to BSI C5 and SOC 2.

Or in your environment: Private SaaS

On request we run the solution as a fully managed service within your own infrastructure – behind your firewall.

Technical measures

Security in every layer

From encrypted transmission to strict tenant separation: a selection of the measures we implement as standard –

  • Encrypted transmission (TLS) and encrypted storage (at rest)
  • User authentication and authorisation
  • Fine-grained roles and permissions
  • Multi-tenancy with strictly separated data
  • API keys for system access
  • Protection against injection attacks
  • Secure session management
  • Regular security updates
  • Logging and monitoring
  • Backups and disaster recovery

Data protection

GDPR-compliant – and verifiable

Your documents are processed on the basis of a data processing agreement under Art. 28 GDPR. We provide the draft agreement, our technical and organisational measures (TOM) and an overview of the sub-processors we use on request.

We actively support your IT security questionnaires, audits by your internal audit team or penetration tests you commission – the answers come directly from the people who built the system.

You can already see that we take data protection seriously: this website works without cookies, without trackers and without third-party services.

How we work

Operations with traceable processes

A secure product needs secure operations. Our platform processes the daily document intake of large organisations – with processes designed for that responsibility:

Service desk with ticketing system

Incidents and requests go through our service desk – every matter is logged as a ticket, prioritised and handled traceably. Nothing disappears in a shared mailbox.

Four-eyes principle for every change

Every change to the platform goes through code review and automated tests before it is released. Version control and automated pipelines document each step.

Monitoring and alerting

We monitor availability and processing centrally. If anomalies occur, the team is alerted automatically – often before a user notices anything.

Backups and recovery

Regular backups and defined recovery processes protect your data – including for the case that we hope never arises.

Questions about security or data protection?

We answer them directly – gladly together with your data protection officer or your IT security team.