How we protect your most sensitive data

We take security seriously. Here’s exactly how.

This page is for the people who need more than reassurances. You'll find the architecture decisions, certifications, and operational standards that underpin everything we build – documented, verifiable, and available on request.

Datacenter Compliance

Our data center compliance stands for the highest security and data protection standards: from Swiss sovereignty and Tier III architecture to PCI-compliant controls and ISO 27001:2022 certification - for the best possible protection of your business-critical data.

Swiss hosting – by design, not by default

Our data centres are located exclusively in Switzerland and operate under some of the world's most rigorous data protection legislation. Switzerland's long-standing political neutrality isn't just context: it's a deliberate part of our infrastructure strategy.

  • Tier III targets (Uptime Institute) for physical resilience
  • 24/7 monitoring and controlled physical access
  • Redundant power supply and climate control
  • Processing aligned with Swiss FADP and EU GDPR

PCI DSS v4.0 – controls that hold up to scrutiny

Our security controls incorporate selected practices consistent with PCI DSS v4.0, including encryption in transit, system hardening, access controls, and continuous monitoring. We don't treat PCI compliance as a checkbox: quarterly external vulnerability scans are conducted by an Approved Scanning Vendor (ASV), with mandatory re-scans after remediation or significant changes.

  • Quarterly ASV scans with confirmation records
  • Re-scans after corrections or significant infrastructure changes
  • Least privilege access and MFA enforced for administrative functions

ISO/IEC 27001:2022 – independently certified, continuously maintained

We hold ISO/IEC 27001:2022 certification – the current international standard for information security management. Certification isn't a one-time event for us: it's maintained through annual accredited surveillance audits and full recertification every three years.

  • Annual accredited surveillance audits; recertification every three years
  • Full implementation of the 2022 standard requirements
  • Comprehensive risk management documentation
  • Regular internal and external audit cycles
  • Extended controls from the 2022 revision fully implemented

Built-in Security and Availability

Security and availability are not optional extras for us, but an integral part of our DNA. With a "security first" architecture, defense-in-depth strategies, certified encryption procedures, continuous penetration tests and geo-redundant backups in Switzerland, we ensure that your data remains protected and accessible at all times.

How is SecureSafe different from regular cloud storage?

Standard cloud storage services are primarily designed for convenience and accessibility; security is often an add-on rather than a foundation. SecureSafe is built the other way around: encryption and access control are architectural, not optional.

Credential storage – how access data is protected at rest

We protect login credentials from the ground up. Hashing, encryption, and four-eyes controls aren't add-ons — they're part of the baseline.

  • Passwords hashed using Argon2id or bcrypt, with individual salts per user; no plain-text storage; hashing parameters reviewed and updated regularly
  • Application secrets and tokens encrypted at rest (AES-256) with strict key management, rotation, and access controls; short-lived tokens preferred, with revocation on logout or risk events
  • Administrative access governed by commit-signed changes, protected branches, and four-eyes approval for sensitive credential workflows
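The per-user salt, versioned hashing parameters and rehash-on-login pattern described above, as an added example (not SecureSafe's own code). Argon2id and bcrypt need third-party packages, so the standard library's memory-hard scrypt stands in as the KDF; the parameter values are assumptions chosen to run quickly.

```python
# Added example: salted password hashing with versioned KDF parameters and
# rehash-on-login. hashlib.scrypt stands in for Argon2id/bcrypt (same pattern).
import base64
import hashlib
import hmac
import os

# Parameter sets by version (assumed values). Raising CURRENT_VERSION makes
# every older hash get upgraded the next time its owner logs in successfully.
KDF_PARAMS = {
    1: {"n": 2**13, "r": 8, "p": 1},
    2: {"n": 2**14, "r": 8, "p": 1},
}
CURRENT_VERSION = 2
MAXMEM = 64 * 1024 * 1024  # allow scrypt's working memory for these parameters


def _derive(password: str, salt: bytes, version: int) -> bytes:
    p = KDF_PARAMS[version]
    return hashlib.scrypt(password.encode(), salt=salt, n=p["n"], r=p["r"],
                          p=p["p"], maxmem=MAXMEM, dklen=32)


def hash_password(password: str, version: int = CURRENT_VERSION) -> str:
    """Return 'scrypt$<version>$<salt>$<hash>' with a fresh random 16-byte salt."""
    salt = os.urandom(16)  # individual salt per user, never reused
    digest = _derive(password, salt, version)
    return "scrypt${}${}${}".format(version, base64.b64encode(salt).decode(),
                                   base64.b64encode(digest).decode())


def verify_password(password: str, stored: str) -> tuple:
    """Return (ok, needs_rehash); the digest comparison is constant-time."""
    algo, ver, salt_b64, hash_b64 = stored.split("$")
    if algo != "scrypt":
        raise ValueError("unsupported hash format")
    version = int(ver)
    digest = _derive(password, base64.b64decode(salt_b64), version)
    ok = hmac.compare_digest(digest, base64.b64decode(hash_b64))
    return ok, ok and version < CURRENT_VERSION


def login(password: str, stored: str) -> tuple:
    """Verify; on success with stale parameters return an upgraded hash to store."""
    ok, needs_rehash = verify_password(password, stored)
    if ok and needs_rehash:
        return True, hash_password(password)  # transparently migrate old hashes
    return ok, stored
```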

Availability – design targets and failover approach

We design for high availability with active redundancy, fast failover, and transparent status communication. Our public status dashboard gives you visibility at all times.

  • Redundant design with automatic failover for critical services
  • Availability target: up to 99.99%
  • Critical service paths are designed to minimise single points of failure
  • Automatic failover target: under 30 seconds for selected components
  • Public status dashboard: securesafe.site24x7statusiq.com

DDoS mitigation – layered, continuous, upstream

Protection runs continuously at both network and application level, with 24/7 monitoring and defined response procedures. We don't rely on a single mitigation point.

  • Multi-layered protection at network (L3/L4) and application (L7) level, with upstream scrubbing
  • Automatic traffic analysis and filtering integrated via the application firewall and load balancer
  • Multi-terabit provider capacity with no single point of mitigation
  • 24/7 monitoring and on-call incident response

Access control – least privilege, policy-based, context-aware

Access is governed by least-privilege principles, with controls that adapt to context and sensitivity level.

  • Role-based access control (RBAC) with minimum necessary rights
  • Time-based and inactivity-triggered session rules
  • Delegated administration for key accounts
  • Step-up / MFA enforced for sensitive operations, policy-controlled

Disaster recovery – objectives defined, scenarios tested

We design for continuous operation and validate it through synthetic monitoring, automatic failover, and practiced DR scenarios. Recovery objectives aren't aspirational – they're tested.

  • Priorities and scope: protecting people first, clear decision authority, essential services restored within defined timeframes
  • Monitoring and detection: Zabbix (internal) and Site24x7 (external) with end-to-end synthetics; automatic failover via load balancer and application firewall; database failover managed for consistency
  • Recovery targets by scenario:
    • Data centre failure: RTO ≈ 2 hours + detection time (DNS switch to secondary site or rebuild); RPO: point-in-time recovery within the last 10 days (database WAL), weekly snapshots for 3 months, monthly snapshots for 1 year; file layer with mirrored copies and delayed deletion in DR to enable recovery of accidental deletions
    • Critical component failure: RTO ≈ 30 minutes + detection time (load balancer to hot standby); RPO: 0 hours
    • Human error / data loss: RTO ≈ 2 hours + detection time (restore from backup); RPO: up to 0 hours if detected within the backup/storage window
  • Testing and exercises:
    • Full backup-restore tests approximately every 1–2 months as part of release cycles
    • At least annual DR exercises
    • Periodic production switchovers for major upgrades
    • DNS failover process exercises conducted periodically
  • Architecture: Multi-site active/active application clusters, hot standby database replication, configuration and transaction mirroring, backup and write mirroring to DR.

Audit logs – tamper-resistant, long-term, SIEM-ready

Audit trails are integrity-protected and built for real use, not just compliance. Enterprise customers can integrate directly with their existing SIEM environment.

  • Integrity-protected, append-only audit logs
  • Real-time monitoring and alerting on critical incidents
  • Long-term retention aligned with regulatory requirements
  • SIEM export and integrations available for enterprise customers
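One way to make an audit log append-only and integrity-protected, as an added example (not SecureSafe's implementation): each record carries an HMAC over its content and the previous record's tag, so modifying, deleting or reordering any earlier line is detected at verification time. The key and sample events are constructed for the demonstration.

```python
# Added example: hash-chained, HMAC-protected audit log with verification.
import hashlib
import hmac
import json
from typing import Optional

GENESIS = "0" * 64  # tag the first record chains to


def _tag(key: bytes, prev_tag: str, record: dict) -> str:
    # Canonical JSON so the same record always produces the same tag.
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_tag.encode() + b"\n" + body, hashlib.sha256).hexdigest()


def append_event(log: list, key: bytes, event: dict) -> dict:
    """Append an event; its tag chains to the previous line, so order matters."""
    prev_tag = log[-1]["tag"] if log else GENESIS
    record = {"seq": len(log), **event}
    line = {**record, "tag": _tag(key, prev_tag, record)}
    log.append(line)
    return line


def verify_chain(log: list, key: bytes) -> tuple:
    """Return (True, None) if intact, else (False, index of first bad line).
    Note: silent removal of the newest lines is only detectable if the latest
    tag is also anchored elsewhere, e.g. shipped to a SIEM (see latest_tag)."""
    prev_tag = GENESIS
    for i, line in enumerate(log):
        record = {k: v for k, v in line.items() if k != "tag"}
        expected = _tag(key, prev_tag, record)
        if record.get("seq") != i or not hmac.compare_digest(line["tag"], expected):
            return False, i
        prev_tag = line["tag"]
    return True, None


def latest_tag(log: list) -> str:
    """Value to export to an external system as a tail anchor."""
    return log[-1]["tag"] if log else GENESIS


def demo_log(key: bytes) -> list:
    """Build a small log from constructed sample events (not real data)."""
    log = []
    for ev in [
        {"actor": "alice", "action": "login", "result": "ok"},
        {"actor": "alice", "action": "download", "object": "contract.pdf"},
        {"actor": "admin1", "action": "role_change", "target": "bob", "role": "auditor"},
    ]:
        append_event(log, key, ev)
    return log
```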

Backups – automated, geo-redundant, regularly tested

Backups run automatically, replicate across geographically distributed locations within Switzerland, and are tested regularly, because recoverability is only proven when you actually restore.

  • Automated, frequent backups with geographically distributed replicas, all within Switzerland
  • Integrity protection through immutability controls and restrictive access
  • Regular restore tests with documented validation of recovery procedures

Authentication – adaptive, standards-based, enforceable

Authentication adapts to risk level, supports enterprise SSO standards, and can be enforced by policy at the organisation level.

  • MFA available by default; company policies can enforce MFA for specific users or roles
  • SSO for organisations via SAML 2.0 / OpenID Connect
  • Compatible with device biometrics (Face ID, Touch ID) as a second factor
  • Risk-based step-up authentication for sensitive operations (when activated)

Encryption – in transit, at rest, key lifecycle managed

Encryption is applied consistently across storage and transmission, using current standards with active key lifecycle management.

  • Server-side encryption for content (zero-knowledge architecture)
  • AES-256 for stored data and encrypted content
  • TLS 1.3 with Perfect Forward Secrecy for all network traffic
  • Managed key lifecycle: generation, rotation, and revocation
  • Regular cryptographic reviews updated in line with current best practice

Penetration testing – independent, recurring, remediation-tracked

We commission independent security experts to test our systems on a regular basis. Results are tracked through to remediation, and executive summaries are available to enterprise clients under NDA.

  • Regular third-party penetration tests
  • Realistic attack scenario simulations
  • Remediation prioritised by criticality
  • Transparent communication of critical findings
  • Executive summaries available for enterprise clients under NDA

Encryption model – controlled decryption, no undocumented access

We use server-side encryption with industry-standard algorithms and strict key management. Decryption occurs only within a secure, monitored service environment and only through authorised application processes. This architecture makes certain critical features possible (digital estate management, enterprise functionality, cross-device compatibility) without weakening the underlying security model.

  • Server-side encryption with controlled, audited internal decryption
  • HSM-backed key management where applicable; just-in-time key access with rapid memory clearing
  • No universal master key; no undocumented access paths
  • Defense-in-depth with regular independent audits and an ISO/IEC 27001:2022-certified ISMS
  • Controls protect against both internal and external threat vectors

Security by design – not a feature, but an architecture principle

Security isn't something we add to a product after the fact. Every component has been built to a security-first principle, with defence-in-depth applied across the stack.

  • Defence-in-depth strategy with multiple independent security layers
  • Automatic security updates without service interruption
  • Redundant systems designed for maximum reliability
  • Geographically distributed backup locations across Switzerland, including a former military facility deep in the Alps

Application Security

We implement multiple layers of security to protect data both in transit and at rest. We use TLS 1.3 with Perfect Forward Secrecy for transport and strong encryption (e.g. AES-256) for stored and client-side encrypted content. Access to applications is secured by multi-factor authentication (MFA) and role-based access control.

Environment separation – development, staging, and production kept strictly apart

We maintain hard separation between development, staging, and production environments. This isn't just policy: it's enforced through separate accounts, network segmentation, and access controls.

  • Separate accounts/tenants and network segmentation per environment
  • No production data in test or development environments
  • Distinct access controls and least-privilege roles per environment
  • Automated, auditable deployment pipelines with approval gates

Quality assurance – automated coverage, independent security review

Every release goes through layered quality controls. Automated test coverage runs alongside independent penetration tests, vulnerability scanning, and software composition analysis.

  • High automated test coverage (unit, integration, end-to-end) with CI quality gates
  • CI/CD pipelines with build-time and deployment-time checks
  • Regular third-party penetration tests; security assessments before releases with significant changes
  • Infrastructure and service vulnerability scanning with Nessus; consolidated reporting via Scanmeter
  • Software Composition Analysis (SCA) and container image scanning with JFrog Xray; dependency policy checks enforced in CI

Code review – four-eyes-principle, signed commits, automated scanning

Every code change goes through mandatory peer review before deployment. Automated security analysis runs in parallel, not as an afterthought.

  • Four-eyes principle enforced via protected branches
  • Branch protection rules: required status checks, code owners, linear history, no force push on main branches
  • Cryptographically signed commits (GPG) mandatory on protected branches
  • Automated SAST/DAST, Software Composition Analysis (SCA), and secrets scanning
  • Continuous scanning of third-party dependencies and container images
  • Security champions embedded in every development team

Secure development lifecycle – security integrated from design through operation

Security gates exist at every phase of our development process – from threat modelling in design to SBOM generation and artifact signing at build.

  • Threat modelling and abuse-case reviews during design
  • Documented security requirements and secure coding standards (OWASP guidance)
  • SBOM generation (SPDX/CycloneDX) for each build; inventories retained and monitored
  • Artifact signing and provenance: build artifacts cryptographically signed and verified at deployment; provenance attestation recorded
  • Regular secure coding training for developers
  • DevSecOps practices with security gates integrated into CI/CD

Operational Security

We follow strict operational procedures to ensure that our day-to-day activities meet recognized, independently audited safety standards.

Security culture – training that’s ongoing, not annual box-ticking

We invest in security awareness across the entire organisation. Training is role-specific and continuous – not a once-a-year exercise.

  • At minimum annual security awareness training, with ongoing refreshers
  • Role-specific security training tailored to function and risk exposure
  • Support for team members pursuing professional security certifications

Policy framework – risk-based, regularly reviewed, independently audited

Our governance framework is structured to ISO/IEC 27001:2022 and covers everything from incident response to data classification. Policies are reviewed on a risk-based cycle, not just when something changes.

  • ISMS policy framework aligned with ISO/IEC 27001:2022
  • Regular, risk-based review and update cycles
  • Documented and regularly exercised incident response procedures
  • Binding standards for data classification and handling

Confidentiality controls – structural, not just contractual

We've built confidentiality into how we work, not just into the contracts we sign. Access to sensitive information is controlled at the structural level.

  • Mandatory NDAs for all employees and partners
  • Strict need-to-know access controls
  • Encrypted channels for confidential communications
  • Regular confidentiality audits