Trust Center
Data protection
- Privacy Policy
- Cookies Policy
- Personal Data Protection Charter
- Data Processing Agreement (DPA)
Information Security
- ISO 27001 Certificate
- Information Security Policy
- Information Security and Data Protection
Controls
- Organizational measures
- Technical measures
ISO 27001 Certificate
Information Security Policy
Information Security and Data Protection
CONTROL
STATUS
Information Security Policies
We maintain a full set of internal security policies, reviewed at least once a year. These policies guide how we manage access, data classification, encryption, and risk.
Roles & Responsibilities
Security is everyone’s responsibility. Roles are clearly defined and tracked in our internal ISO 27001 system. A DPO and CISO oversee compliance and work with external associations and authorities when needed.
Access Control
We apply strict access controls: least privilege, secure onboarding/offboarding, MFA, and regular reviews of user rights.
Awareness & Training
We apply strict access controls: least privilege, secure onboarding/offboarding, MFA, and regular reviews of user rights.
Remote Work
Staff work on secured CloudPC environments, fully isolated from personal devices. Remote work is only allowed from pre-approved locations.
Encryption
Data is encrypted in transit and at rest using industry-standard protocols (TLS, IPSec, AES).
Asset & Information Management
All data is classified, managed and governed by a paperless policy.
Incident Management
We have a clear process for reporting and handling incidents, reviewed regularly and tested when needed.
Business Continuity
We aim for 99.7% uptime and have a tested Business Continuity Plan, including data backups and recovery procedures.
Third-Party Security
Suppliers must meet strong security standards. We prefer ISO 27001-certified partners and apply strict due diligence.
Compliance
We comply with all applicable data protection laws in Swiss and EU data protection laws (FADP & GDPR) and are continuously improving through audits and external reviews.
Penetration testing performed
A Pentest is performed at least annually. A remediation plan is developed, and changes are implemented to remediate vulnerabilities.
