Our Commitment to Security and Privacy
We take the security and privacy of your data seriously. Although we are not yet formally certified, we voluntarily align our technical and organisational practices with internationally recognised frameworks. This page provides a transparent overview of the measures we have implemented and the standards that guide our operations.
The measures listed on this page represent our voluntary commitment to security and privacy best practices. Peritiq does not currently hold formal ISO 27001, SOC 2, or other third-party certifications. We continuously review and improve our security posture.
GDPR Alignment
The General Data Protection Regulation (GDPR) is the cornerstone of European data-protection law. The following measures reflect our alignment with its core requirements.
- Principles (Art. 5 GDPR) — Processing adheres to the principles of lawfulness, purpose limitation, data minimisation, accuracy, storage limitation, and integrity and confidentiality
- Lawful Basis (Art. 6 GDPR) — Every processing activity is mapped to a valid legal basis, including explicit consent where required
- Data Minimisation — We collect only the personal data strictly necessary for the stated purpose and delete it when it is no longer needed
- Data-Subject Rights — Users may exercise their rights to access, rectification, erasure, restriction, portability and objection at any time
- Processor Agreements (Art. 28 GDPR) — All third-party processors are bound by data-processing agreements that meet GDPR requirements
- Encryption — Personal data is encrypted in transit (TLS 1.2+) and at rest where technically feasible
- Privacy by Design (Art. 25 GDPR) — Data-protection principles are embedded into system architecture and default settings from the outset
- Breach Notification — In the event of a personal data breach, we are committed to notifying the relevant supervisory authority within 72 hours and affected individuals without undue delay, as required by Art. 33–34 GDPR
- AI Training — Your data is never used to train AI models
ISO 27001 Alignment
ISO/IEC 27001 defines the requirements for an information-security management system (ISMS). Our technical controls are aligned with its key objectives.
- Access Control — Role-based access control (RBAC) restricts system and data access to authorised personnel only
- Password Policy — Passwords are hashed using modern algorithms (bcrypt) and must meet minimum complexity requirements
- Session Management — Sessions are time-limited, bound to the originating IP where appropriate, and invalidated on logout
- HTTPS Enforcement — All traffic is served over HTTPS with HSTS headers to prevent protocol-downgrade attacks
- Security Headers — Responses include Content-Security-Policy, X-Content-Type-Options, X-Frame-Options and Referrer-Policy headers
- Rate Limiting — API and authentication endpoints are rate-limited to mitigate brute-force and denial-of-service attacks
- Audit Logging — Security-relevant events are logged with timestamps and user identifiers for forensic review
- Input Validation — All user input is validated and sanitised server-side to prevent injection, XSS and other common attack vectors
- Multi-Factor Authentication — Optional MFA is available for administrative accounts
SOC 2 Alignment
SOC 2 defines trust-service criteria for managing customer data. We align our practices with the following principles.
- Security — Systems are protected against unauthorised access through firewalls, intrusion detection and multi-layered authentication
- Availability — Infrastructure is designed for high availability with redundancy, automated failover and regular backup procedures
- Confidentiality — Confidential data is classified, access-controlled and encrypted to prevent unauthorised disclosure
- Privacy — Personal information is collected, used, retained and disclosed in conformity with our privacy policy and applicable regulations
Infrastructure and Sub-Processors
We rely on carefully selected third-party providers, each chosen for their own compliance posture.
- Hosting — Application servers are hosted in the EU (Paris, France) by providers that maintain ISO 27001 and SOC 2 certifications
- CDN and DDoS Protection — Content delivery and DDoS mitigation are provided by a globally distributed network with enterprise-grade security
- Payment Processing — All payment transactions are handled by a PCI DSS Level 1 certified processor; no card data is stored on our servers
- Analytics and Tracking — Analytics are consent-gated and only activated after explicit user approval; no tracking occurs before consent
- Self-Hosted Assets — No third-party tracking fonts or scripts are loaded; all assets are self-hosted, in line with GDPR
Consumer Protection
Peritiq is operated by a Brazilian company for B2C and international B2B markets, and through an Austrian entity for B2B services within the European Union. We comply with applicable consumer protection and e-commerce regulations in both jurisdictions.
- Imprint — A legally compliant Impressum (Imprint) with full company disclosure, as required by the Austrian E-Commerce Act (ECG) for EU B2B operations
- Dispute Resolution — A link to the EU Online Dispute Resolution (ODR) platform, as required by EU Regulation 524/2013
- Privacy-first cookie implementation — no tracking before consent
- Clear pricing with no hidden fees — all amounts shown including VAT where applicable
Contact
If you have questions about our security practices or wish to report a vulnerability, please contact us via the details provided on our imprint page.