Data security
Table of contents
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posere.
Content is available in multiple languages. Only the German version is legally binding.
Protecting your data is more than just a technical requirement for us – it is our top priority and a core part of our company philosophy. Our workplace management software combines proven standards, clear processes, and modern security measures to keep data secure and available at all times.
ISO27001 Security Management
Flexopus has been certified by TÜV Rheinland according to ISO27001:2022. This ISO27001:2022 certification ensures a standardized and well-maintained Information Security Management System (ISMS) at both Flexopus and the data center of our hosting partner, Hetzner Online GmbH. This guarantees that technical and organizational security measures are systematically implemented and regularly reviewed.
Sovereign Cloud & Data Sovereignty – Made in Germany
We operate a sovereignty-oriented cloud architecture: Data storage, processing, and key management are carried out entirely in Germany on ISO 27001-certified infrastructure.
- Our platform runs entirely on infrastructure located in Germany – without using hyperscalers like Amazon Web Services, Microsoft Azure, or Google Cloud Platform. Instead, we rely on dedicated systems from Hetzner Online GmbH – for maximum control over data and systems.
- No storage or regular processing of personal data outside the EU.
- Strictly controlled and logged admin access.
- Key management is performed exclusively within our controlled infrastructure in Germany.
- Clear separation between infrastructure and data access – no third-party access.
Technical & Organizational Measures
Encrypted Data Transmission
The data is encrypted during transmission using the TLS method, which is also used for online shopping or online banking. The integrity of the encryption can be verified at SSL Labs verified.
Backups with Data-at-Rest Encryption
Flexopus is a cloud solution hosted on a dedicated server. Our customers' databases are backed up daily. Backups are stored for 30 days with data-at-rest encryption on a location-independent server in Germany. After this period, the data is deleted.
Access Control & Logging
Flexopus enables role-based access, protects accounts with multi-factor authentication, and centrally logs all activities – ensuring every action is traceable and secure.
Secure Working
Through regular training, clear security guidelines, and defined incident management processes, we ensure that security standards are met and incidents are handled quickly and systematically.
Infrastructure & Operations
- Our platform runs in a highly secure, ISO 27001-certified data center.
- Automated backups, along with patch and update management, ensure stable and up-to-date systems.
- Critical components are continuously monitored to detect outages early.
- You can check the current operational status of our platform at any time at status.flexopus.com .
Product & Application Security
Our development team ensures that the application is developed release by release in compliance with internal security guidelines. Security measures are continuously evolved to effectively address current threats at all times. We consistently rely on Secure-by-Design principles, ensuring security is an integral part of the software architecture from the outset.
- Internal Manual Audits:
Four-eyes principle in development, code reviews, functional testing, security audits by our experts - Internal Automated Audits:
Code analyses, system logs, application logs, logging, code quality checks - External Audits / Penetration Tests:
Thanks to our customers, the software is audited at irregular intervals, but at least twice a year, by an independent third party. Penetration tests are conducted by our customers as part of their standard assessment and approval processes.
Cyber Resilience & DORA
Our platform is designed for resilience against disruptions and cyberattacks. Disaster recovery tests, third-party risk management, and business continuity measures ensure stable and secure services – fully in line with regulatory requirements such as DORA.
Privacy Policy
Personal data is processed in compliance with GDPR. For details on our privacy policy, please visit our Privacy Policy page.
Security Contact
For security concerns or inquiries, please contact our team at: