Security

Security you can trust

Your data security is our top priority. We implement industry-leading security measures to protect your data and ensure compliance.

AES-256 Encryption
EU Data Residency
99.9% Uptime

Security Infrastructure

Enterprise-grade security built into every layer of our platform.

Encryption at Rest & Transit

All data is encrypted using AES-256 at rest and TLS 1.3 in transit.

EU Data Residency

All data is processed and stored within the European Union on Railway cloud infrastructure.

Secure Authentication

JWT-based auth with bcrypt password hashing and email verification.

Regular Backups

Automated daily backups with point-in-time recovery capability.

Access Controls

Role-based access control with audit logging for all operations.

DDoS Protection

Enterprise-grade DDoS protection and rate limiting on all endpoints.

Compliance & Certifications

We maintain rigorous compliance standards to meet the security requirements of enterprise customers.

GDPR Compliant

Full compliance with EU General Data Protection Regulation

ISO 27001

Information security management certification (in progress)

SOC 2 Type II

Service organization control certification (planned Q3 2026)

Data Processing

Data Location

All data is stored in European data centers (Railway cloud infrastructure in the EU region), ensuring GDPR compliance and data residency within the European Union.

Data Access

Access to production data is strictly limited to authorized personnel with documented business need. All access is logged and audited.

Data Retention

Data retention periods are configurable per plan. Data can be deleted upon request within 72 hours per GDPR requirements.

View Data Processing Agreement

Security Practices

Our comprehensive approach to security across development, operations, and people.

  • Regular dependency auditing and vulnerability scanning
  • Automated security testing in CI/CD pipeline
  • Security-focused code reviews required for all pull requests
  • Incident response procedures documented and maintained
  • Responsible disclosure policy for security researchers
  • Regular security audits of infrastructure and applications
  • Secure software development lifecycle (SDLC) practices
  • Input validation and parameterized queries on all endpoints

Bug Bounty Program

Help us stay secure

We welcome responsible disclosure of security vulnerabilities. Our bug bounty program rewards researchers who help keep CONSETO secure.

  • Rewards from €100 to €5,000 based on severity
  • Hall of Fame recognition for valid reports
  • Response within 48 hours guaranteed

Report a Vulnerability

In Scope

  • www.conseto.io (main website)
  • api.conseto.io (API endpoints)
  • Dashboard application
  • JavaScript SDK

Out of Scope

  • Social engineering attacks
  • Physical security
  • Third-party services
  • DoS/DDoS attacks

Questions about security?

Our security team is happy to answer questions about our practices or discuss your specific security requirements.