Security & data

Your data stays where it should.

Report automation means working with sensitive company numbers. VortexDesk is designed for CFOs, CROs and desk heads who need guarantees, not marketing.

The principles

Four non-negotiable architectural choices.

EU hosting

Infrastructure in Frankfurt and Ireland. Data, backups and logs never leave the EU.

End-to-end encryption

TLS 1.3 in transit, AES-256 at rest. Keys managed via KMS with automatic rotation.

Tenant isolation

Each organisation has its own logical database. Single-tenant on Enterprise plans.

BYO credentials

Your source credentials remain yours. We use them and discard them — never stored on our side.

Technical detail

The things the CISO asks before signing.

Authentication

SSO SAML / OIDC, mandatory MFA, configurable session timeout, IP allowlist.

Roles & permissions

Granular RBAC at module, report and block level. Audit on every role change.

Immutable audit trail

Every action (publish, edit, share, delete) logged in append-only format, exportable.

Signed sharing

Expiring links, watermark with recipient name, download disable, instant revocation.

Backup & recovery

Encrypted daily backups with 30-day retention. Point-in-time recovery up to 7 days.

Vulnerability mgmt

Continuous dependency scanning, annual pen-test, coordinated disclosure at security@.

AI & privacy

Your data is never used to train external models. Configurable prompts.

Deploy options

Multi-tenant SaaS · single-tenant SaaS · on-prem / private cloud on Enterprise plan.

DPA & GDPR

Standard DPA available, configurable data retention, export & delete procedures.

Compliance & certifications

Where we are and where we are headed.

We are transparent about the journey. VortexDesk is a recent platform: some certifications are already satisfied in principle but under formal audit, others are on the explicit roadmap.

For Enterprise plans, a complete security questionnaire and customisable DPA are available. Let's discuss in a call.

Compliance roadmap
Status as of Q2 2026

GDPR: Compliant
EU Hosting: Active
SOC 2 Type II: In audit
ISO 27001: Planned Q4 26
Custom DPA: Available

Responsible disclosure

Found something?

Write to us at info@vortexdesk.app. We respond within 48h, manage disclosure in a coordinated manner and credit the reporter in the changelog.

Need the security questionnaire?

For Enterprise plans we send the complete package before the first call.