Trust, by design. Audited by default.
EU-hosted, cryptographically signed, and built for regulators who actually look. Read the controls. Request the reports.
- EU residency
- Cryptographic signatures
- GDPR-compliant
What we have, what we are earning, what is next.
SOC 2 Type II
In progress: Independent audit of our security, availability, and confidentiality controls. Underway with our auditor.
ISO 27001
In progress: Information Security Management System aligned to ISO/IEC 27001. Stage 1 prep in progress.
GDPR-compliant
Earned: EU data residency, Article 28 DPA, SCCs Module Two, 30-day deletion windows. Compliant by default.
EU data residency
Earned: Customer data is processed and stored exclusively in the EU — Frankfurt primary, Amsterdam failover.
Annual penetration test
In progress: Third-party offensive security test of the production app. Summary available on request after each cycle.
Four promises we make on every passport.
Defence at every layer.
Encryption in transit and at rest, mTLS plus OAuth 2 between services, and a cryptographically signed audit trail for every passport event.
European data, European rules.
GDPR-compliant data handling, EU-only residency, and customer-managed encryption keys (BYOK) for Enterprise plans.
Built to stay up.
99.95% SLA on Operator, 99.99% on Enterprise. Active-active across Frankfurt and Amsterdam. Status page published in real time.
No surprises, ever.
Public DPA and this Trust Center. Subprocessor changes notified 30 days ahead. Every incident published within five business days.
The controls behind the claims.
Encryption in transit
TLS 1.2+ on every public endpoint. mTLS between internal services with short-lived certificates.
Encryption at rest
AES-256 across databases, blob storage, and backups. Per-tenant keys with documented rotation.
Identity & access
Clerk-backed identity, OAuth 2 / OpenID Connect, SSO and SCIM on Enterprise plans.
Network isolation
Per-environment VPCs with no public database endpoints. Egress allowlisted, ingress filtered at the edge.
Audit logging
Cryptographically signed, append-only audit trail. Immutable revision history for every passport.
Customer-managed keys
Enterprise customers can BYOK (bring your own key) for at-rest encryption, rotated on your schedule.
Your data stays in Europe.
Customer data is processed and stored exclusively inside the European Union. No copies, replicas, or backups leave the region — not for analytics, not for support, not for failover.
Swiss-headquartered, EU-hosted: the combination most European procurement teams ask for. Cross-border transfers under GDPR Article 44+ are governed by the EU Standard Contractual Clauses (2021/914), Module Two, with our standard DPA.
Primary production region for compute, storage, and audit logs. Serves all customer traffic by default.
Hot-standby region for synchronous replication and automated failover within the EU footprint.
Everything procurement and security teams ask for.
| Document | Status | Last updated | Action |
|---|---|---|---|
| SOC 2 Type II report | In progress | In progress | Request status |
| ISO 27001 certificate | In progress | In progress | Request status |
| Penetration test summary | Available on request | NDA required | Request |
| Subprocessor list | Public | Maintained continuously | View on /dpa |
| Data Processing Agreement (DPA) | Public | May 2026 | View on /dpa |
| Privacy Policy | Public | May 2026 | View privacy |
| Architecture white paper | Available on request | NDA required | Request |
Reports tagged "In progress" are being prepared with our auditor. NDA-gated documents are sent within two business days of a written request from a named procurement or security contact.
Find a vulnerability? Tell us first.
In scope: the production application, customer data, and our public APIs. Out of scope: third-party services we depend on (Clerk, Convex, Google) — report those to the vendor directly.
Email reports to the address below. PGP-encrypted submissions are welcome — request our public key in your first message.
We acknowledge every report within 72 hours, triage within five business days, and aim to ship a fix for critical findings within fourteen days.
Safe harbour: we will not pursue legal action against good-faith researchers who follow this policy and avoid privacy violations, service disruption, or data exfiltration.
No public disclosures to date. Researchers who report a valid issue will be acknowledged here, with consent.
Operational history, no spin.
Counted from launch in 2024 through today. Every reportable incident is published within five business days.
How we publish incidents.
A reportable incident is any unplanned event that affects confidentiality, integrity, or availability of customer data. We publish a public post-mortem with root cause, customer impact, and remediation within five business days. Subscribe at the status page below.
status.dppautomate.com
Reach the security team.
For vendor due-diligence, security questionnaires, or compliance escalations — write to the address below and our security lead will respond.
Use "security" in the subject line for fastest triage.
8408 Winterthur
Switzerland

