Built for European regulation.
Every safeguard is verifiable. Compliance properties are wired into access control, secrets management and audit trails — not slides.
Security & compliance dashboard.
Every control visible. Live posture for identity, data, transport, audit; compliance certifications in one view.
Security & compliance
All controls green
| Identity | MFA enforced | 100% |
| Data | AES-256 at rest | OK |
| Transport | TLS 1.3 | OK |
| Audit | Immutable log | 8.4M |
Compliance
| ISO 27001 | Certified | 2025-09 |
| SOC 2 Type II | Active | 2025-11 |
| nFADP (Switzerland) | Compliant | 2025-09 |
| GDPR | Compliant | — |
| PCI DSS | SAQ A | 2026-01 |
Recent audit events
- Role assigned (anna@az.ch)
- API key rotated (ops-bot)
- MFA reset (luca@az.ch)
- RLS policy edit (marc@az.ch)
- Backup verified (system)
Properties enforced in production.
GDPR compliant by default
Right to erasure, data minimization, lawful basis tracked per record.
EU data residency
Zurich primary; per-tenant region available on request.
Per-tenant data isolation
Enforced through Payload (headless) access control on every collection.
Integration audit trail
Every external call and every booking has a full event chain.
Customer data minimization
Collected only when required for fulfilment.
Stripe keys isolated per environment
Secrets stored in Google Secret Manager, rotated per policy.
Role-based admin
Owner / admin / editor / provider — scoped per tenant.
2FA for admin accounts
TOTP enforced for owner and admin.
Audit log retention
Configurable per tenant to match local regulation.
Penetration testing
At least annual by an independent firm.
SOC 2 Type II
In progress.
