Your data is safe with us
Security is at the heart of everything we do. Discover the measures we take to protect your data and ensure your trust.
GDPR Compliant
Full compliance with European privacy legislation
EU Data Residency
All data is stored within the EU
ISO 27001 Partners
Our infrastructure partners are ISO 27001 certified
Security Overview
Better Desk is built with security as a core principle. We understand that you trust us with sensitive business data and take this responsibility very seriously.
Our security principles
Data Encryption
All your data is protected with strong encryption, both in transit and at rest.
TLS 1.3 Encryption
In transit: All communication between your device and our servers is encrypted with TLS 1.3, the latest and most secure encryption standard.
AES-256 Encryption
At rest: All stored files and documents are encrypted with AES-256 encryption, the same standard used by banks.
Database Encryption
At rest: The database is fully encrypted, including backups. Even with physical access, data is unreadable.
End-to-End Signing
Integrity: Digital signatures are cryptographically secured and cannot be forged or altered.
Infrastructure
Hetzner Cloud - Germany
Our infrastructure runs entirely on Hetzner servers in Germany. This guarantees that your data stays within the EU and complies with the strictest German privacy legislation.
Authentication
Secure and user-friendly authentication via your existing Microsoft account.
Microsoft Entra ID (OAuth 2.0)
Secure single sign-on via your existing Microsoft account. We never receive your password.
Multi-Factor Authentication
Support for MFA via your organization's Microsoft 365 configuration.
Session Security
Automatic session expiration, secure tokens, and the ability to terminate sessions remotely.
Access Control
Strict access controls ensure that only authorized users have access to relevant data.
Role-Based Access Control
Users only have access to data relevant to their role within the organization.
Organization Isolation
Strict separation between organizations. Data is never accessible to other organizations.
Audit Logging
All data access is logged for compliance and security monitoring.
Administrator Privileges
Only authorized administrators can change organization settings or manage users.
Incident Response
We have a comprehensive incident response plan to respond quickly and effectively to security incidents.
Detection
Automatic monitoring detects anomalies and potential security incidents.
Classification
Incidents are classified by severity and priority for rapid response.
Containment
Immediate measures to limit impact and prevent further damage.
Investigation
Thorough analysis of the cause and scope of the incident.
Communication
Transparent communication to affected parties within 72 hours (per GDPR).
Recovery & Evaluation
Full recovery and evaluation to prevent recurrence.
Audits & Penetration Tests
Regular security assessments ensure our security stays up-to-date and meets the highest standards.
Code Reviews
Every code change is reviewed for security risks before going to production.
Vulnerability Scanning
Automatic scans detect known vulnerabilities in dependencies and configurations.
Penetration Tests
Periodic penetration tests by external security experts to identify vulnerabilities.
Compliance Audits
Regular audits to ensure we comply with GDPR and other regulations.
Employee Security
Our employees are trained in security awareness and follow strict protocols to protect your data.
Questions about our security?
We're ready to answer all your security questions. Feel free to contact us.
security@better-desk.app