Security
Last Updated: October 31, 2025
Data Protection Standards
All information we collect about you, including your Content, is treated with the same physical and technical security procedures we use for our own information. We implement industry-standard measures to protect data processed through the Solvedio platform, including Daily Controls.
Technical Security Measures
- Encryption in transit: TLS 1.2/1.3 for all data communications
- Encryption at rest: AES-256 for stored data
- Access management: Multi-level access controls with role-based permissions
- Regular backups: Automated backup procedures with tested recovery
- Security logging and auditing: Continuous monitoring and periodic security audits
- Internal security policies: Documented procedures for data handling and incident response
Personnel Security
Our employees and partners are regularly trained on security and personal data protection principles. All authorized personnel are bound by confidentiality obligations.
Infrastructure
Data processing takes place primarily in the EU (Germany, Frankfurt) on enterprise-grade cloud infrastructure:
| Provider | Purpose | Location |
|---|---|---|
| Microsoft Azure | Hosting and computing | Germany (EU) |
| Amazon AWS | Hosting and computing | Germany (EU) |
| SendGrid | Email notifications | EU/USA |
All sub-processors are bound by written data processing agreements under Article 28 GDPR.
International Data Transfers
If personal data is transferred outside the EU/EEA, we ensure compliance through Standard Contractual Clauses (SCC) or the EU-US Data Privacy Framework, with supplementary measures where necessary.
Incident Response
In the event of a personal data breach:
- Affected customers and individuals are notified within 48 hours
- The Slovak Office for Personal Data Protection is informed within 72 hours pursuant to Article 33 GDPR
- Notifications include: description of the incident, categories and approximate number of affected individuals, probable consequences, and measures taken for remediation
Data Sharing Policy
We do not share, sell or transfer personal information to third parties except as specified in our Privacy Policy. Information transfers to service providers occur solely for purposes outlined in the policy, with efforts made to limit data volume and apply encryption where feasible.
Regulatory Compliance
Solvedio adheres to:
- GDPR (General Data Protection Regulation, EU 2016/679)
- Slovak Data Protection Act
- Standard Contractual Clauses (SCC) for international transfers
- EU-US Data Privacy Framework where applicable
Data Processing Agreement
The processing of personal data on behalf of customers is governed by our Data Processing Agreement (DPA), which covers sub-processor management, audit rights, incident notification, and data deletion procedures.
User Rights & Contact
Questions or complaints regarding data security or personal information can be directed to legal@solvedio.com.
For a complete overview of your data rights, please review our Privacy Policy.
Report suspected security breaches to: security@solvedio.com