EU hosting, encryption in transit and at rest, GDPR tooling built in — and your money never passes through us.
TLS on every connection and encrypted storage at rest. Tenant payment keys get an extra layer — AES-256-GCM at the application level.
Amsterdam, the Netherlands — on Google Cloud infrastructure via Railway, in ISO 27001-certified data centers. Your data stays in the EU.
Export or permanently delete a client's data directly from the admin. Data Processing Agreement available on request.
Passwords hashed with scrypt, optional two-factor (TOTP) with one-time recovery codes, and password changes that invalidate open sessions.
Online payments settle directly with your payment provider (LiqPay or Stripe). We never hold your funds, and card data never reaches our servers.
Every query is scoped to your business at the database level. Sensitive operator actions are recorded in an audit log.
Found a security issue? Report it through our contact form (Bug report) — you'll get a ticket reference right away. We acknowledge reports within 24 hours and prioritize verified critical issues.