Data protection and security.
Security and data protection are our highest priority: We implement strict data protection and security policies, regularly evaluate their effectiveness, and demonstrate compliance transparently to independent auditors.
Restricted access.
At Polyteia, access to data is strictly limited to authorized staff in line with the principle of least privilege.
Layered defense mechanisms.
We use a multi-layered security strategy to ensure protection and provide backup controls in the event of a breach.
Regular security controls.
We apply consistent security controls across all areas to ensure uniform protection against threats.
Continuous improvements.
We continuously improve our security controls to adapt to an evolving security landscape.
Audits and certificates.
Verified GDPR compliance.
Polyteia ensures compliance with the GDPR in all areas and relies on standards and recommendations from Bitkom-Consult.
IT security concept following BSI protection.
Polyteia maintains an IT security concept in accordance with the IT protection of the German Federal Office for Information Security (BSI).
ISO 27001 certification.
Polyteia is currently undergoing ISO 27001 certification to ensure a systematic and lasting approach to information security.
Security measures.
Encrypted data transmission and storage.
Data is encrypted both in transit and at rest. We use AES-256 for encryption and enforce at least TLS 1.2 for all connections.
Vulnerability scans.
The Polyteia platform is continuously scanned for vulnerabilities, both at infrastructure and application level.
Penetration tests.
We secure our systems against all threat scenarios through regular penetration tests conducted by independent auditors.
Data security.
Strict data access policies.
At Polyteia, access to personal data is strictly limited to authorized individuals, enforced through role-based access controls.
Custom data retention.
Polyteia implements data deletion policies based on the sensitivity of the data and the specific requirements of our customers.
Data center with headquarters and server location in Europe.
Your data is processed and stored in BSI-certified (C5) data centers with both company headquarters and physical location within the EU.
Corporate policies.
Central device management.
All devices that process customer data have a security profile installed, use hardware encryption and are managed by an MDM.
Regular security training.
All employees undergo regular security training with a focus on compliant data processing and secure software development in accordance with the OWASP principles.
Compliance audits.
Compliance with our corporate guidelines is regularly assessed by independent external auditors.
Legal documents.
Data processing agreement (DPA).
EVB-IT service and cloud contract.
General Terms and Conditions according to EVB-IT Services and Cloud.