Security and trust

Your catalog files are handled with the same care as our own back-office

Security headers, HTTPS, EU-hosted infrastructure where applicable, and documented retention. No slogans, just facts.

The pillars of our security

Encrypted connections (HTTPS)

All connections are encrypted (HTTPS, enforced by the browser). Your session identifiers are protected on the server and never travel in plain text.

Data hosted within the European Union

Core hosting is in the EU. Processors and any international transfers, including AI processing, are listed in the Privacy Policy.

Minimal retention

Retention windows are explicit: account deletion uses a 30-day grace period, account data exports expire after 7 days, and operational cleanups remove stale artifacts.

Strict access control

Access to the production perimeter is restricted to a very small team with strong authentication. No access to customer data without an explicit ticket.

Payments delegated to Stripe

We never store your card data. It goes directly to Stripe, certified at the highest banking security level (PCI DSS level 1).

Backups and restore checks

Production backups and restore checks are tracked in ops. We only publish controls that are actually in place.

AI and privacy

Catalog optimization can use configured AI providers such as OpenAI. Processor and transfer details are documented in the Privacy Policy; we do not use customer catalog data for public examples.

Compliance and rights

GDPR — we are a processor under article 28. A data processing agreement (DPA) is available on request.
You can download an account data archive from your account; it currently covers profile, brand profiles and catalog optimizations.
You can schedule account deletion from settings; invoices may remain archived or pseudonymised when accounting law requires it.

Report a security issue

If you think you've found a vulnerability, write to us at our dedicated address. Security reports are reviewed during business hours.

security@ecomptimize.com