Maximum Security for Your Data
Hosted in Germany, GDPR compliant, DPA available. Full control over your data.
GDPR & Data Protection
ManageSphere is 100% GDPR compliant. All personal data is processed according to EU data protection regulations.
- Legal basis documented for every processing activity
- Access, deletion, and correction rights implemented
- Data Protection Impact Assessment conducted
- Records of processing activities maintained
Data Processing Agreement (DPA)
A DPA is required when using cloud software. We provide a standardized, legally secure DPA.
- DPA can be signed directly in the app
- PDF download available anytime
- Technical and organizational measures (TOMs) documented
- List of all subprocessors transparently available
Hosting in Germany
All data is stored exclusively in German data centers. No data transfer to third countries.
- Data center: Frankfurt am Main
- ISO 27001 certified
- Physical security: 24/7 monitoring
- No data transfer to USA or other non-EU countries
Role-Based Access Control (RBAC)
Granular permissions ensure users can only access the data they need.
- Predefined roles (Admin, Manager, Employee, Guest)
- Custom roles with fine-grained permissions
- Project and team-based access control
- API access separately controllable
Audit Logs
Every action is logged. Complete traceability for compliance and troubleshooting.
- Who changed what and when?
- Exportable for external audits
- Immutable (append-only)
- Retention: min. 90 days, configurable
Encryption
Data is encrypted in transit and at rest.
- TLS 1.3 for all connections
- AES-256 encryption at rest
- Secure key management
- Regular security audits
Backups & Disaster Recovery
Daily backups and tested disaster recovery for maximum data security.
- Daily automatic backups
- Point-in-time recovery available
- Geo-redundant storage in EU
- RTO < 4 hours, RPO < 1 hour
Data Retention & Deletion
Clear rules for retention periods and complete data deletion on request.
- Legal retention periods (10 years for invoices)
- Deletion on request (GDPR Art. 17)
- Full data export before deletion
- Written deletion confirmation
Security FAQ
Where exactly is my data stored?
All data is stored in ISO 27001 certified data centers in Frankfurt am Main, Germany. No data transfer to third countries (e.g., USA) takes place.
How can I sign a DPA?
You can sign the Data Processing Agreement (DPA) directly in your ManageSphere account or download it as a PDF at /legal/dpa. The DPA is pre-filled and legally secure.
Is my data used for AI training?
No, absolutely not. Your customer data is never used for training AI models. Our AI features work only with your data in real time and always require your explicit approval.
How long are audit logs retained?
Default: 90 days. Enterprise customers can configure individual retention periods. Logs are stored immutably and can be exported for external audits.
What happens to my data after cancellation?
After cancellation, you have 30 days for a complete data export (CSV, JSON). After that, all data is deleted unless legal retention requirements apply. You receive a written deletion confirmation.
Does ManageSphere support Single Sign-On (SSO)?
Yes. From the Enterprise plan, we support SAML 2.0 and OIDC for SSO integration with your identity provider (Azure AD, Okta, Google Workspace).
Have questions about security?
Our team is happy to answer your questions about compliance and data protection.