SECURITY
Security is the product, not a page.
We hold pentest findings — the most sensitive data a client owns. Here is how we protect it, in plain terms.
EU-only hosting
All data is processed and stored in European Union regions. No data leaves the EU in normal operation.
Encryption everywhere
Encrypted in transit and at rest with industry-standard algorithms. Secrets are managed securely and never stored in source.
Strict tenant isolation
Each client's data is fully isolated, and that isolation is enforced at the data layer. Cross-tenant access is impossible by design.
Access control & SSO
Role-based access, least privilege, audit logging, and SSO/SAML for enterprise tenants.
Monitoring & resilience
Centralised logging, automated backups with tested restores, and continuous dependency and vulnerability scanning.
Compliance posture
GDPR-native. We map our own controls to NIS2, DORA and the ENS so our security speaks your auditors' language.
How we work
Secure development lifecycle
Code review on every change, automated SAST/DAST in CI, and dependency pinning with vulnerability alerts. We dogfood Violet on our own codebase.
Data minimisation & retention
We collect only what an audit needs. Customers can export everything and request deletion at any time; on contract end, tenant data is removed on a defined schedule.
Sub-processors
We use a short, vetted list of EU-based sub-processors (hosting, email, error monitoring). The current list is available on request and in our DPA.
Business continuity
Encrypted, geographically separated backups within the EU, with documented RPO/RTO targets and periodic restore tests.