Security · EU-hosted

Security built for European teams.

EU-hosted infrastructure, encryption at rest and in transit, least-privilege access, and a clear incident-response process.

EU hosting

All customer data is stored and processed in the European Union. No data is transferred to third countries without a documented legal basis.

Encryption

TLS 1.2+ for all traffic. Databases and backups are encrypted at rest. Secrets (Stripe keys, Microsoft 365 tokens, SMTP passwords) are stored in a secret manager, never in source control.

Access control

Every request is tenant-scoped. Five role-based capabilities (Member, Finance, Auditor, Admin, SuperAdmin) are enforced in code via named authorization policies; cost data is hidden from Members entirely. Cross-organisation access is blocked by database-level query filters. Internal engineer access is least-privilege and logged.

Backups & durability

Daily database backups with 30-day retention. Point-in-time recovery is available for production. Backup restores are tested on a rolling schedule.

GDPR & NIS2

OwndUp is built as a processor under GDPR. We provide a DPA on request. The product ships with features that help customers meet NIS2 Article 21 asset-inventory and accountability requirements.

Incident response

Security events are triaged within 24 hours. Confirmed breaches affecting customer data are disclosed to affected customers within 72 hours, per GDPR Article 33.

Sub-processors

We use a short list of EU-based sub-processors for hosting, email delivery, and payments (Stripe). The current list is available on request and updated when it changes.

Data retention

Your data lives as long as your subscription does. After cancellation, we keep records for a configurable grace period, then hard-delete everything including audit logs. Exports are available any time.

Responsible disclosure

Found a security issue? We appreciate the heads-up. Email us with details and we'll acknowledge within one business day. Please don't disclose publicly before we've had a chance to fix it.

Contact: security@owndup.com

Questions about security?

Start your 30-day free trial or reach out — we're happy to walk through the architecture.