TRUST CENTER

Transparency over marketing.

What we do, where we host, who sees what. The answers you actually need before signing a security contract.

GDPR (DSGVO): Compliant
NIS-2: Prepared
ISO 27001: Roadmap 2027
BSI Grundschutz: Sub-modules active
TISAX: on request

SUB-PROCESSORS

Who touches your data.

Provider | Purpose | Location | DPA (AVV)
Hetzner Online GmbH | Hosting & server infrastructure | Falkenstein, Nürnberg · DE | PDF
Mailcow | Transactional & notification mail | Self-hosted · DE | internal
Authentik | Single sign-on (OIDC), auth metadata only | Self-hosted · DE | internal
Cloudflare DNS | DNS resolution (no CDN, no WAF) | DE-PoP, EU-Routing | PDF

SLA

Availability and response.

Platform uptime

99.5 %

excluding planned maintenance (Mon 03–05 UTC+1)

Response time critical alerts

30 min

from Operations package, 24/7

Mail delivery

< 90 s

median across all notification types

Disaster recovery RTO

4 h

documented in docs/disaster-recovery.md

Disaster recovery RPO

6 h

quarterly restore test

PRACTICES

How we work internally.

MFA mandatory

All operator accounts require MFA. OIDC via Authentik, hardware token for Vyrex-lead accounts.

TLS everywhere

HSTS preload, TLS 1.3, automatic certificate rotation via Let's Encrypt. No HTTP endpoints.

Multi-tenant isolation

A separate SQLite database per operator, physically separated. OpenSearch document-level security (DLS) on every customer index.

Complete audit log

Every admin action, every remote action and every mail is logged with Who · When · What · Which customer. 365-day retention.

Cookie consent first

Default opt-out for analytics and marketing. Cookie banner on every first page view.

Annual pentest

External pentest on a 12-month cadence. Findings are published in aggregate, details on request.

OPEN ITEMS

What we don't have yet.

  • ISO 27001 certification — roadmap 2027, prep in sprint planning.
  • Google Business Profile not yet public, will be created with GmbH registration.
  • External pentest reports — first one runs Q3 2026. Until then, internal security self-assessment on request.

CONTACT

Security questions?

security@vyrex.cloud · response time < 24 h. For pentest reports, DPA adjustments, or custom SLA, please reach out directly.