How we protect your most sensitive data

We take security seriously. Here’s exactly how.

This page is for the people who need more than reassurances. You'll find the architecture decisions, certifications, and operational standards that underpin everything we build – documented, verifiable, and available on request.

Datacenter Compliance

Our data center compliance stands for the highest security and data protection standards: from Swiss sovereignty and Tier III architecture to PCI-compliant controls and ISO 27001:2022 certification - for the best possible protection of your business-critical data.

Swiss hosting – by design, not by default

Our data centres are located exclusively in Switzerland and operate under some of the world's most rigorous data protection legislation. Switzerland's long-standing political neutrality isn't just context: it's a deliberate part of our infrastructure strategy.

  • Tier III targets (Uptime Institute) for physical resilience
  • 24/7 monitoring and controlled physical access
  • Redundant power supply and climate control
  • Processing aligned with Swiss FADP and EU GDPR

PCI DSS v4.0 – controls that hold up to scrutiny

Our security controls incorporate selected practices consistent with PCI DSS v4.0, including encryption in transit, system hardening, access controls, and continuous monitoring. We don't treat PCI compliance as a checkbox: quarterly external vulnerability scans are conducted by an Approved Scanning Vendor (ASV), with mandatory re-scans after remediation or significant changes.

  • Quarterly ASV scans with confirmation records
  • Re-scans after corrections or significant infrastructure changes
  • Least privilege access and MFA enforced for administrative functions

ISO/IEC 27001:2022 – independently certified, continuously maintained

We hold ISO/IEC 27001:2022 certification – the current international standard for information security management. Certification isn't a one-time event for us: it's maintained through annual accredited surveillance audits and full recertification every three years.

  • Annual accredited surveillance audits; recertification every three years
  • Full implementation of the 2022 standard requirements
  • Comprehensive risk management documentation
  • Regular internal and external audit cycles
  • Extended controls from the 2022 revision fully implemented

Built-in Security and Availability

Security and availability are not optional extras for us, but an integral part of our DNA. With a "security first" architecture, defense-in-depth strategies, certified encryption procedures, continuous penetration tests and geo-redundant backups in Switzerland, we ensure that your data remains protected and accessible at all times.

How is SecureSafe different from regular cloud storage?

Standard cloud storage services are primarily designed for convenience and accessibility; security is often an add-on rather than a foundation. SecureSafe is built the other way around: encryption and access control are architectural, not optional.

Disaster recovery – objectives defined, scenarios tested

We design for continuous operation and validate it through synthetic monitoring, automatic failover, and practiced DR scenarios. Recovery objectives aren't aspirational – they're tested.

  • Priorities and scope: protecting people first, clear decision authority, essential services restored within defined timeframes
  • Monitoring and detection: Zabbix (internal) and Site24x7 (external) with end-to-end synthetics; automatic failover via load balancer and application firewall; database failover managed for consistency
  • Recovery targets by scenario:
    • Data centre failure: RTO ≈ 2 hours + detection time (DNS switch to secondary site or rebuild); RPO: point-in-time recovery within the last 10 days (database WAL), weekly snapshots for 3 months, monthly snapshots for 1 year; file layer with mirrored copies and delayed deletion in DR to enable recovery of accidental deletions
    • Critical component failure: RTO ≈ 30 minutes + detection time (load balancer to hot standby); RPO: 0 hours
    • Human error / data loss: RTO ≈ 2 hours + detection time (restore from backup); RPO: up to 0 hours if detected within the backup/storage window
  • Testing and exercises:
    • Full backup-restore tests approximately every 1–2 months as part of release cycles
    • At least annual DR exercises
    • Periodic production switchovers for major upgrades
    • DNS failover process exercises conducted periodically
  • Architecture: Multi-site active/active application clusters, hot standby database replication, configuration and transaction mirroring, backup and write mirroring to DR.

Application Security

We implement multiple layers of security to protect data both in transit and at rest. We use TLS 1.3 with Perfect Forward Secrecy for transport and strong encryption (e.g. AES-256) for stored and client-side encrypted content. Access to applications is secured by multi-factor authentication (MFA) and role-based access control.

Operational Security

We follow strict operational procedures to ensure that our day-to-day activities meet recognized, independently audited safety standards.
