Security & Compliance
I take reasonable steps to protect your and my data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction.
Infrastructure and Network Security
My products & services are usually hosted on dedicated servers provided by Hetzner. Some smaller sites and some e-mail infrastructure are handled by All-Inkl.com and stored on shared vhosts.
Physical Access
These data centers have several safeguards in place to prevent unauthorized physical access.
Digital Access
Only authorized staff are allowed to access the operating systems, platforms and services; that access is protected with strong passwords, key-based authentication and hardware two-factor authentication. Some parts are reachable only from a private network.
Backups
Daily, weekly, monthly, quarterly and yearly backups are in place where it makes sense. The retention period depends on how critical the data is and what purpose it serves. All backups are encrypted and stored on multiple secure backup servers.
Audits & Penetration Testing
Unfortunately, due to the small size of my business, I'm not able to afford this kind of security enhancement.
Prevention & Intrusion Detection
The systems are covered by security mechanisms that identify suspicious behavior and reduce the attack surface. Alerts are sent out as soon as unusual activity is identified.
Data Security and Privacy
Data is sent exclusively over HTTPS connections, encrypted with transport layer security (TLS), between the applications & services and the end user.
Documentation
There is documentation in place on how to proceed if there is a data breach, how everything works together and who to notify, including a list of emergency contacts. Up-to-date information and workflows for new staff are available and are updated from year to year based on best practice, new methods and software, and experience.
Vulnerability Disclosure
I'm always eager to improve, and if you have found something, let me know!
I'm thankful for any information about a possible vulnerability in my systems, products or services.
If you believe you have found something, don't hesitate to contact me at [email protected] and get in touch as soon as possible!
I would be grateful to receive information such as a proof of concept, the tools used, and any other details that would help me verify the report.
Once verified, and depending on the scale, I will notify users and provide updates about the issue as they become available.
Unfortunately I can't offer a cash bounty, but I can offer public credit (if you want it), which might be rewarding as well.