SECURITY

Security is the product, not a page.

We hold pentest findings — the most sensitive data a client owns. Here is how we protect it, in plain terms.

EU-only hosting

All data is processed and stored in European Union regions. No data leaves the EU in normal operation.

Encryption everywhere

Encrypted in transit and at rest with industry-standard algorithms. Secrets are managed securely and never stored in source.

Strict tenant isolation

Each client's data is fully isolated, and that isolation is enforced at the data layer. Cross-tenant access is impossible by design.

Access control & SSO

Role-based access, least privilege, audit logging, and SSO/SAML for enterprise tenants.

Monitoring & resilience

Centralised logging, automated backups with tested restores, and continuous dependency and vulnerability scanning.

Compliance posture

GDPR-native. We map our own controls to NIS2, DORA and the ENS so our security speaks your auditors' language.

How we work

Secure development lifecycle

Code review on every change, automated SAST/DAST in CI, and dependency pinning with vulnerability alerts. We dogfood Violet on our own codebase.

Data minimisation & retention

We collect only what an audit needs. Customers can export everything and request deletion at any time; on contract end, tenant data is removed on a defined schedule.

Sub-processors

We use a short, vetted list of EU-based sub-processors (hosting, email, error monitoring). The current list is available on request and in our DPA.

Business continuity

Encrypted, geographically separated backups within the EU, with documented RPO/RTO targets and periodic restore tests.