Your compliance data deserves the same protection you advise your clients to implement. Here's how we secure it.
All uploaded documents are encrypted at rest using AES-256 envelope encryption. Each file gets a unique data encryption key (DEK), itself encrypted by a master key (KEK). Even database access cannot expose plaintext content.
All servers run on Hetzner dedicated hardware in Germany. Data never leaves the EU β no US sub-processors, no transatlantic data transfers, no Cloud Act exposure. Full GDPR Art. 44 compliance.
Every uploaded file is scanned by ClamAV before processing. Infected files are rejected immediately. The scanner runs in an isolated container with automatic signature updates.
All audit log entries are signed with HMAC-SHA256. Any tampering β insertion, modification, or deletion β is cryptographically detectable. Audit trails meet NIS2 incident reporting requirements.
Before any document text reaches an AI model, Microsoft Presidio scrubs personally identifiable information (names, emails, phone numbers, Swedish personnummer). AI never sees raw PII.
Euregas does not use any US-based sub-processors for data storage or processing. Infrastructure, database, cache, email, and DNS are all EU-hosted. This eliminates Schrems II transfer risk.
Art. 25 privacy by design, Art. 32 security measures, Art. 44 transfer safeguards
Art. 9 risk management, Art. 10 data governance, Art. 15 accuracy
Art. 21 risk management, Art. 23 incident reporting, audit logging
Encryption at rest & transit, access controls, monitoring, availability
Contact us at security@euregas.eu for security inquiries, penetration test reports, or DPA requests.