Security & Compliance

Your data stays in Germany. Always.

German data centres

All Elephanto data is stored exclusively in our secure, ISO 27001 certified data centre in Frankfurt, Germany — GDPR-ready by default.

  • ISO 27001 zertifizierte Rechenzentrumseinrichtungen
  • BDSG & DSGVO-konform
  • Keine Daten verlassen jemals die EU
  • 24/7 physische Sicherheitsüberwachung
  • Redundante Strom- und Netzwerkversorgung
🇩🇪
Hosted in Germany
Frankfurt · ISO 27001 certified

Certifications & Standards

We hold or actively pursue the following certifications.

🔒

DSGVO / GDPR

✅ Fully compliant

🏅

ISO 27001

🔧 In progress

🛡️

BSI IT-Grundschutz

✅ Aligned

🔐

TLS 1.3

✅ Encryption in transit

💾

AES-256

✅ Encryption at rest

🔄

Daily Backups

✅ Automated & verified

Our GDPR commitments

📄

Data Processing Agreement (AVV / DPA)

Available on request for all customers. Required under GDPR Art. 28. Contact sales@elephanto.eu to receive yours.

🗑️

Right to deletion

All customer data is permanently deleted within 30 days of account closure. No backups retained beyond that window.

🌍

No third-party data sharing outside the EU

We do not sell or share your data. All sub-processors are EU-based and GDPR-compliant.

📦

Data portability

Export all your asset data in CSV or JSON at any time — no restrictions, no fees.

Responsible Disclosure

Found a security vulnerability? Please report it to us directly and responsibly. We'll respond within 48 hours.

security@elephanto.eu