Security is Our Top Priority
Learn how we protect your data and meet regulatory requirements.
Security Measures
Encryption
TLS 1.3 for data in transit, AES-256 for data at rest.
EU Server Location
All data is exclusively processed and stored in EU data centers.
Data Minimization
We only store data that is necessary for processing.
Access Control
API keys with granular permissions. No shared access.
Compliance & Certifications
GDPR
CompliantFull GDPR compliance with Data Processing Agreement (DPA).
GoBD
CompliantGoBD-compliant processing and optional long-term archiving.
KoSIT
CompliantOfficial validation against current KoSIT schemas and Schematron rules.
SOC 2 Type II
In ProgressSOC 2 Type II certification is targeted for Q3 2026.
Our Security Practices
We follow industry-leading security standards and best practices to protect your data as effectively as possible.
- Regular penetration testing by independent security firms
- Automated dependency scans and security updates
- Audit logging of all API access and data changes
- Incident response plan with <4h reaction time
- Regular backups with geo-redundant storage
- Employee security training and access reviews
Data Flow
Your Request
HTTPS / TLS 1.3
API Gateway
Auth, Rate Limiting, WAF
Processing
Isolated Container, EU-only
Response
Validated E-Invoice
Found a Security Vulnerability?
We appreciate responsible disclosure. Please report security vulnerabilities to:
PGP key available on request. We respond within 24 hours.
Questions?
Our team is happy to answer all your questions about security and compliance.