Highest Level of IT Security

Q: Where is my data stored?

All data is stored exclusively on servers in Germany, operated by Hetzner. Your data never leaves the European Union.

Q: Is Spreadly GDPR compliant?

Yes, Spreadly is fully compliant with the EU General Data Protection Regulation (GDPR). We implement privacy by design, provide data processing agreements, and give you full control over your data.

Q: What certifications does Spreadly have?

Spreadly is ISO 27001:2022 certified. This internationally recognized certification demonstrates our commitment to information security management best practices.

Q: Do you offer a Data Processing Agreement (DPA)?

Yes, we provide a comprehensive Data Processing Agreement (DPA) that documents our data handling practices and helps you meet your compliance obligations. You can find it in our Data Processing Agreement.

Q: How do you handle security incidents?

We have a documented incident response plan. In case of a security incident affecting your data, we will notify you within 72 hours as required by GDPR and work transparently to resolve the issue.

Q: Can I get a copy of your security documentation?

Enterprise customers can request additional security documentation including our ISO 27001 certificate, penetration test reports, and security questionnaire responses. Please contact our sales team.

Q: What happens to my data when I delete my account?

When you delete your account, all your personal data is permanently removed from our systems within 30 days. Backups containing your data are purged according to our retention schedule.

Q: Do you support Single Sign-On (SSO)?

Yes, we support SSO via SAML 2.0 and OAuth 2.0. This includes integration with Microsoft Entra ID (Azure AD), Google Workspace, Okta, and other major identity providers.

Your data security is our top priority. Spreadly is built with enterprise-grade security standards and full compliance with European data protection regulations.

ISO 27001:2022 Certified

GDPR Compliant EU Data Protection

Hosted in Germany Hetzner Datacenter

Trust

Certifications & Compliance

Spreadly meets the highest security standards and is compliant with all European data protection regulations.

ISO/IEC 27001:2022

Spreadly is ISO 27001:2022 certified, the internationally recognized standard for Information Security Management Systems (ISMS). This certification demonstrates our commitment to managing information security risks systematically.

GDPR Compliant

Our platform is fully compliant with the EU General Data Protection Regulation (GDPR). We implement privacy by design and provide all necessary tools for you to fulfill your data protection obligations.

Made & Hosted in Germany

Spreadly is developed in Germany and exclusively hosted on servers operated by Hetzner in Germany. Your data never leaves the EU, ensuring compliance with strict European data protection laws.

Security

Security Infrastructure

Your data is protected by multiple layers of security throughout the entire data lifecycle.

TLS 1.3 Encryption

All data in transit is protected using TLS 1.3, the latest encryption protocol. We enforce HTTPS on all connections.

Encrypted Storage

All data at rest is encrypted using AES-256 encryption. Database backups are also encrypted.

DDoS Protection

Our infrastructure includes enterprise-grade DDoS protection to ensure service availability.

Access Control

Strict role-based access control ensures only authorized personnel can access sensitive systems.

Regular Backups

Automated daily backups with geo-redundant storage ensure your data is always recoverable.

24/7 Monitoring

Continuous monitoring and alerting systems help us detect and respond to threats in real-time.

Features

Product Security

Spreadly provides powerful security features that give you full control over your organization's data.

Authentication

Single Sign-On (SSO)

Connect Spreadly to your existing identity provider using SAML 2.0 or OAuth 2.0. Support for Microsoft Entra ID, Google Workspace, Okta, and other major providers.

Access Control

Role-Based Permissions

Define granular permissions at the role and team level. Control who can view, edit, or manage different aspects of your digital business cards.

Data Protection

Encryption

All data is encrypted both in transit and at rest. We use TLS 1.3 for secure communication and AES-256 encryption for data storage to ensure your information remains protected.

Compliance

Audit Logging

Comprehensive audit logs track all important actions within your organization. Export logs for compliance reporting and security analysis.

Privacy

Data Privacy

Your privacy is at the core of everything we build.

No Data Selling

We never sell, share, or monetize your data. Your information is yours alone.

Data Portability

Export all your data at any time. We support standard formats for easy migration.

Right to Erasure

Delete your account and all associated data completely. We respect your right to be forgotten.

Data Processing Agreement

We provide a comprehensive DPA to ensure compliance with your internal policies.

Processes

Operational Security

Security is embedded in every aspect of our operations and development process.

Secure Development

We follow secure coding practices and conduct regular code reviews. All changes go through our CI/CD pipeline with automated security checks.

Vulnerability Management

Regular security assessments and penetration testing help us identify and remediate vulnerabilities before they can be exploited.

Security Training

All team members receive regular security awareness training to stay up-to-date with the latest threats and best practices.

Incident Response

We have a documented incident response plan that ensures rapid detection, containment, and recovery from security incidents.

Vendor Management

We carefully evaluate all third-party vendors and ensure they meet our security standards. Our sub-processors are documented in our DPA.

Business Continuity

Our business continuity and disaster recovery plans ensure service availability even in unexpected circumstances.

Resources

Security Documentation

Access our security and compliance documentation.

Data Processing Agreement Information Security Policy ISO27001 Certificate

FAQ

Frequently Asked Questions

Common questions about our security practices and compliance.

Where is my data stored?

Is Spreadly GDPR compliant?

What certifications does Spreadly have?

Do you offer a Data Processing Agreement (DPA)?

How do you handle security incidents?

Can I get a copy of your security documentation?

What happens to my data when I delete my account?

Do you support Single Sign-On (SSO)?

Théo Guillou

Account Executive, Spreadly

theo.guillou@spreadly.app • +33 2 20 06 03 42

Any further questions? We are thrilled about your message.

Name (required)

Email address (required)

Mobile number

Team size

1 - 10 employees

Message