Security & Trust

Application data is hosted in the EU, encrypted at rest and in transit. Peritiq is designed with privacy as a foundation — not an afterthought.

EU-Hosted | GDPR-Aligned | Encrypted | No Tracking

Data Residency

Application data is hosted by Hostinger in European data centers in France. Object storage uses Cloudflare R2 (EU region). Payment processing is handled by Stripe (USA, under EU–US Data Privacy Framework). For details on all data flows, see our Privacy Policy.

Live

GDPR Alignment

Peritiq is designed with GDPR principles in mind. We apply data minimisation, process on a documented legal basis, and offer a Data Processing Agreement (DPA) on request for business customers.

Live

Encryption

Data at rest is encrypted with AES-256. All traffic in transit uses TLS 1.2+. Database connections are encrypted.

Live

Authentication

Passwords are hashed with bcrypt and never stored in plain text. Session tokens are rotated on login.

Live

Data Isolation

Peritiq uses a multi-tenant architecture with strict logical isolation. Each company can only access its own data. Cross-tenant access is prevented by design.

Live

Blind Voting Privacy

Votes in Peritiq are collected independently and aggregated before display. Workspace admins see aggregated results only, not individual responses. Minimum anonymity thresholds apply.

Live

No Tracking, No CDNs

We self-host all fonts and assets. No Google Fonts, no external CDNs, no third-party tracking scripts on the application.

Live

Data Retention & Portability

You can export your data and request deletion under your right to erasure. Upon account closure, active data is removed per our retention schedule. Encrypted backups may persist for up to 180 days.

Live

SOC 2 & ISO 27001 Alignment

We voluntarily align our security practices with SOC 2 trust-service criteria and ISO 27001 controls. We do not currently hold formal certification for either standard.

Voluntary

Sub-Processors

We work with a small number of third-party providers. Each one is selected for its compliance posture and data handling practices. A full list is available on request.

Stripe: Payment processing (USA). PCI DSS Level 1 certified. No card data touches our servers. Transfers under EU–US Data Privacy Framework.

Hostinger: Application hosting and database management in European data centers in France. Application data stays in the EU.

Cloudflare: AI inference (Workers AI), vectorisation, edge processing, and object storage (R2, EU region). All AI models run on Cloudflare infrastructure. No customer data is used for model training.

Questions or Concerns?

If you have questions about our security practices, need a DPA, or want to report a vulnerability, contact our security team.

security@peritiq.com