We understand that saasmetrix processes sensitive information, so protecting your data is our top priority. We respect and comply with the GDPR and are ISO 27001 compliant.
Learn more about the privacy and security standards of our SaaS management tool.
saasmetrix meets all the requirements of the European GDPR and is data protection compliant both as an organization and as software. We have aligned our product with the essential legal requirements and support our customers in exercising the rights of data subjects (right to erasure, access or data portability; Chapter 3 GDPR).
We are currently preparing for ISO 27001 certification, which we plan for the 2nd quarter of 2025. Our ISMS is largely in place, but is still under construction.
saasmetrix relies on the services of Microsoft Azure (Microsoft Germany GmbH) and MongoDB (MongoDB Deutsche GmbH) to host the software. The data centers used are located within the European Union and are ISO/IEC 27001 certified, and thus meet our high requirements for the physical security of our customers’ data.
In addition, customer data is not mixed together, i.e. each customer has its own database.
We rely on the services of heyData GmbH for advice on data protection issues, support as company data protection officer and employee training in data protection matters.
heyData GmbH
Schützenstr. 5
10117 Berlin
Customer data is encrypted during transmission and “at rest” – i.e. at all times. All connections to saasmetrix services are encrypted and provided via SSL/TLS 1.2 using the ECDHE method. You cannot access the service without using HTTPS.
The database uses AEAD with the AES-256-CBC encryption algorithm and HMAC-SHA-512 to ensure data confidentiality and authenticity.
These technical specifications show that saasmetrix maintains high security standards. Modern and secure protocols and encryption methods are used to protect communication and stored data.
We maintain automated access and security protocols. Access to customer data is limited and only granted to a small group of employees required for support and maintenance. Access is also restricted to a small whitelist of IP addresses via VPN. Access for individual employees is based on the “need to know” principle.