Security

Your data, protected with care

Built with security-first architecture following industry best practices. Your compliance data is protected with enterprise-grade controls.

AES-256 Encryption
EU Data Residency
TLS 1.2+
MFA Supported
GDPR Compliant

Security practices

Built with security in mind from day one.

Encryption everywhere

All data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Your compliance data is protected end-to-end.

EU data residency

All data is stored and processed in EU data centers (Frankfurt, Germany). Your data never leaves the EU.

Strong authentication

Multi-factor authentication (TOTP), RSA-4096 encrypted sessions, configurable session timeouts, and brute-force protection with progressive delays.

Tenant isolation

Complete data isolation between organizations. Every database query is scoped by tenant ID with row-level filtering.

Minimal data collection

We only collect what's necessary for compliance monitoring. No file contents, browsing history, or personal data.

Secure development

Automated security scanning (SAST) on every commit, secrets detection with Gitleaks, and continuous dependency vulnerability monitoring.

Audit logging

All security-relevant events are tracked. Comprehensive audit trails for compliance and incident investigation.

Regular backups

Point-in-time recovery for databases, daily backups for all data, versioned file storage.

Compliance alignment

Our security controls align with industry standards and frameworks.

  • ISO 27001: Information security management best practices
  • GDPR: Data protection and privacy requirements
  • OWASP Top 10: Web application security best practices
  • NIST 800-63B: Digital identity and authentication guidelines

What we collect (and don't)

Our agents are designed with privacy in mind. We only collect what's necessary for compliance monitoring.

What we collect

  • Device identifiers (hashed)
  • OS version and type
  • Security settings status
  • Compliance check results
  • Last check-in timestamps
  • Agent version

What we never collect

  • File contents or names
  • Browsing history
  • Keystrokes or screen captures
  • Location data
  • App usage or activity
  • Personal files
  • Email or message content
  • Passwords or credentials

Infrastructure

Built on trusted European infrastructure providers.

  • Compute: Hetzner (Germany)
  • Database: Neon (Frankfurt)
  • Cache: Redis Cloud (Frankfurt)
  • CDN & WAF: Cloudflare (Global edge)

Responsible disclosure

Found a security issue? We appreciate responsible disclosure. Please email us at security@recoger.app with details, and we'll respond within 48 hours.