Security, Audit & Data Residency

Built so you can prove what happened.

EU hosting, tenant isolation at the database layer, and a tamper-evident audit log that an auditor can verify.

Your data stays in the EU

The platform runs on EU infrastructure, with EU-resident providers for identity, email, and storage. Every sub-processor is listed publicly, and none is added without notice.

Tenant isolation in the database, not just the app

Each request runs inside its tenant's context, enforced at the database layer. A query without a tenant context reads and writes nothing. Isolation isn't a setting in the application code that a bug could skip.

An audit log that resists tampering

The log is append-only at the database level: the application can't update or delete its records. Each record is hash-chained to the previous one, and a verifier checks the entire chain every day.
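
A minimal sketch of the hash-chain check described above, added here as an illustration and not ITSMx's own code; the record layout, SHA-256, the all-zero genesis value and the external checkpoint are assumptions. It also shows why a verifier should compare against a chain position stored outside the database: chaining alone does not catch a truncated tail or a chain that was rewritten with recomputed hashes.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value for the first record's "prev" field

def record_hash(prev_hash, seq, payload):
    # Canonical JSON so the same record always serializes to the same bytes.
    body = json.dumps({"seq": seq, "prev": prev_hash, "payload": payload},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def append(log, payload):
    prev = log[-1]["hash"] if log else GENESIS
    seq = len(log) + 1
    log.append({"seq": seq, "prev": prev, "payload": payload,
                "hash": record_hash(prev, seq, payload)})

def sample_log():
    # Constructed sample records, not real audit data.
    log = []
    for payload in ({"actor": "alice", "action": "change.submit"},
                    {"actor": "bob", "action": "change.approve"},
                    {"actor": "carol", "action": "incident.report"}):
        append(log, payload)
    return log

def verify_chain(log, checkpoint=None):
    """Return (ok, reason). checkpoint is an assumed (seq, hash) pair kept outside the DB."""
    prev = GENESIS
    for i, rec in enumerate(log, start=1):
        if rec["seq"] != i:
            return False, f"sequence gap at position {i}"
        if rec["prev"] != prev:
            return False, f"broken link at seq {i}"
        if record_hash(rec["prev"], rec["seq"], rec["payload"]) != rec["hash"]:
            return False, f"content mismatch at seq {i}"
        prev = rec["hash"]
    if checkpoint is not None:
        seq, expected = checkpoint
        if len(log) < seq:
            return False, "truncated below checkpoint"
        if log[seq - 1]["hash"] != expected:
            return False, "history rewritten at or before checkpoint"
    return True, "ok"
```
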

Personal data handled deliberately

PII is tagged at the column level. A masking layer pseudonymizes it; reversing that takes dual approval and is visible to the Works Council on a built-in delay. Personal-data access is logged on its own channel.

Segregation of duties, enforced in code

The platform stops one person from holding incompatible roles — submitting and approving the same change, or being both the responder and the regulatory reporter on the same major incident.

Certifications

[PLACEHOLDER: ISO 27001 / SOC 2 Type II status — verify and state truthfully]

Responsible disclosure

If you discover a security vulnerability, report it to security@itsmx.eu. We respond within 48 hours.

Request the ITSMx security pack.

DPA, sub-processor list, architecture overview, and answers to your security questionnaire.