Security & Privacy

German data residency. GDPR by design. No exceptions.

European mid-cap companies handling CSRD and procurement data cannot afford a US-based SaaS provider with ambiguous data residency. CarbSynq is a German GmbH running entirely on German infrastructure — not a US company with a German sales office.

Controls

Security controls designed for EU compliance requirements

German data residency

All data — including backups — is stored on German servers operated by Hetzner. Data does not leave Germany or the EU. This residency commitment is contractually guaranteed in your DPA.

Security controls designed with ISO 27001 in mind

Our information security management practices are structured around ISO 27001 domains: access control, incident response, business continuity, and supplier management. CarbSynq is not currently ISO 27001 certified; formal certification assessment is on the roadmap. Security documentation available on request.

Encryption in transit and at rest

All API communication uses TLS 1.3. Data at rest is encrypted with AES-256. Database backups are encrypted before transmission to backup storage.

Role-based access control

Granular RBAC with predefined roles for sustainability leads, CFOs, and auditors. SSO/SAML support for enterprise identity providers. MFA enforced for all user accounts.

GDPR compliance

CarbSynq acts as data processor under GDPR Article 28. We provide a standard Data Processing Agreement (DPA) for all customers and support DPIA documentation for your procurement process.

Audit logging and access trails

Every user action, data ingestion, and system event is logged with timestamp and user attribution. Logs are immutable and exportable for your internal audit team or Big-4 ESG assurance provider.

Security documentation available on request

We provide full security questionnaire responses, our DPA template, penetration test summaries, and infrastructure architecture diagrams on request for qualified enterprise evaluations.