SimpleAct Logo
Trust Center

Security, Privacy & Compliance

SimpleAct runs its platform on certified infrastructure in Germany. All relevant documents for security and procurement reviews are available here.

GDPR Compliant
Data processing under EU law, server location Germany
Made in Germany
Developed and hosted in Germany, Hetzner Nuremberg
ISO-27001 Infra
Hetzner data centre with ISO 27001 certification

For Security & Procurement Reviews

Everything your security team or procurement needs for approval — centrally, complete, up to date.

DPA / AVV (Art. 28 GDPR)Page

Data processing agreement – full text available

View
SLAPage

Service level agreement with availability and response times

View
Security WhitepaperPage

Technical and organisational measures (TOM)

View
SubprocessorsPage

Listed in the whitepaper, full list on request

View
Architecture OverviewSection

Hosting, data flows, and isolation at a glance

View

Architecture Overview

SimpleAct – High-Level ArchitectureBrowser / ClientHTTPS · TLS 1.3Application Layer (EU)API / BackendAuth (RBAC, 2FA)Audit-LogMulti-TenantData Layer · EU – Nuremberg & FrankfurtPostgreSQL (Supabase)Storage – Encrypted at restBackups (daily)Hetzner Nuremberg · Supabase Frankfurt · EU data location · TLS in transitRBAC = Role-Based Access Control · 2FA = Two-Factor Auth (TOTP) · Append-only Audit-Log

Technical Details

Hosting & Infrastructure

  • Hosted at Hetzner (Nuremberg, Germany)
  • Database: Supabase PostgreSQL, EU region Frankfurt
  • Data location: EU — no third-country transfer
  • Automated daily database backups (point-in-time recovery)
  • Encryption at rest + in transit (TLS 1.2+)

Access & Authentication

  • RBAC — role-based access control
  • Multi-tenancy isolation between organisations
  • Two-factor authentication (TOTP)
  • Session invalidation on logout

Logging & Auditability

  • Append-only audit log of all actions
  • Document and entry versioning
  • Timestamped snapshots for regulatory evidence

Data Processing

  • GDPR-oriented processing
  • DPA/AVV available on request
  • Subprocessors listed transparently

Security Testing

  • Regular penetration tests (last: April 2026)
  • External security assessment (last: April 2026)

Security Whitepaper & TOM

Detailed description of all technical and organisational measures available for download.

View Whitepaper
← Back to homepage
Yannick Heisler

Yannick Heisler

Sales · Personal consultation

Sicherheit & Datenschutz | SimpleAct