Security isn't a feature.
It's the foundation.
Every feature built with Privacy by Design and Security by Default. EU-hosted. GDPR compliant. Audit-ready from day one.
Six pillars of security
Data encryption
- TLS 1.3 encryption for all traffic
- AES-256 encryption for data at rest
- Passwords hashed with bcrypt (hash + salt)
- API tokens with Laravel Sanctum (JWT)
- Two-factor authentication (TOTP) for every user
Roles & permissions
- Three levels: Admin, Manager, Employee
- Department and role-based access control
- Granular permissions โ everyone sees only what they're allowed
- GDPR Article 15 โ personal data access on request
- Full permission audit trail per user
Audit trail
- Immutable audit log of every action
- Logged: timestamp, user, IP address, change
- Cannot be deleted โ not even by admins
- Exportable for inspection or legal proceedings
- 7-year default retention
GDPR & data location
- Servers exclusively in EU (Hetzner, Frankfurt)
- Data never leaves the EU โ GDPR Art. 44 compliant
- Right to erasure processed within 72 hours
- Personal data processed under DPA template
- Article 30 processing register built in
Backups & recovery
- Daily encrypted backups of database and files
- 30-day retention with geographic redundancy
- Recovery in under 4 hours for critical failure
- Monthly disaster recovery tests
- Point-in-time recovery available
Availability & SLA
- Uptime SLA: 99.9% monthly
- Support response: under 4 hours (business days)
- Critical incidents: under 1 hour response
- Planned maintenance announced 48h in advance
- Real-time status page
Entexia is developed following Privacy by Design and Security by Default principles โ security is not an add-on, it's baked into every architectural decision. Every feature was risk-assessed before implementation. Your data is your business asset. We treat it that way.
Security FAQ
Where is my data stored?
All data is stored on Hetzner servers in Frankfurt, Germany. Data never leaves the European Union. We comply fully with GDPR Article 44 regarding cross-border data transfers.
Who can see our company's data?
Only your users, with the permissions you assign. Entexia support staff cannot access your data without explicit written authorization. All access is logged in the immutable audit trail.
What happens if there's a data breach?
We notify you within 24 hours of discovering any incident. Our GDPR module automatically tracks the 72-hour regulatory notification deadline. Our incident response team is on call 24/7.
Can we delete all our data if we leave?
Yes. We provide a full data export in standard formats upon request. After you confirm deletion, all data is permanently removed within 30 days with a signed confirmation.
Is Entexia suitable for healthcare or financial data?
Entexia is designed with the strictest data handling practices. For regulated industries, we offer enhanced DPA agreements and can discuss specific compliance requirements on request.
Questions about security?
Our team is happy to walk you through architecture, answer compliance questions, and provide DPA documentation.