Data protection and privacy

Data security

Overview

Here you can see a few measures undertaken by Flexopus to protect your data. We do much more, these are just the most frequently asked measures.

Backups

Flexopus creates a daily backup of your data, which is stored on a geo-independent server. The backup is encrypted at rest and retained for 30 days to ensure data security and recovery if needed.

Where is the application hosted?

Flexopus is hosted in Germany, Falkenstein and Germany, Nürnberg by our IaaS service provider Hetzner Online GmbH. Hetzner is ISO/IEC 27001 certified, as well as Flexopus itself. The application is hosted on a dedicated server cluster maintained by the Flexopus DevOps team. The development infrastructure is separated from the production infrastructure.

💡

Note! The Flexopus application is NOT HOSTED on Google Cloud, Microsoft Azure or Amazon AWS, and we are planning to keep it that way.

Which SMTP service is used?

E-mails and newsletters are sent via rapidmail (German provider) by default and in an emergency via Mailjet (French provider). However, we offer the option to use an own SMTP provider as well. Learn more here:

Which TLS standards are in use?

The data is encrypted during transmission using the usual TLS. A detailed report can be viewed at the following URL:

SSL Server Test: demo.flexopus.com (Powered by Qualys SSL Labs)

Data encryption

Passwords are stored salted and hashed, of course. Sessions are stored encrypted, using symmetric encryption with an application key. The symmetric encryption used is AES-256-CBC.

Data at rest are currently not encrypted because the system only stores data it needs to access for calculations, so the decryption key would be needed on the host anyway.