Security is our product. It's also our practice.
We handle sensitive security communications for our customers every day. That responsibility demands we hold ourselves to the highest standard — in how we build, host, and operate Fortworx.
Found a vulnerability? We take every report seriously. Reach out to security@fortworx.com and our team will investigate and respond promptly.
Infrastructure
Built on EU infrastructure
All customer data lives in Germany — no exceptions. Our hosting provider is certified to the standards your compliance team expects:
- ISO/IEC 27001:2022 — International standard for information security management systems
- BSI C5 — Cloud Computing Compliance Criteria Catalogue by the German Federal Office for Information Security
- KRITIS-V / NIS-2 — Compliance with German critical infrastructure regulations and the EU directive on network and information security
- PCI DSS — Payment Card Industry Data Security Standard
Compliance
Audited, not just promised
We are actively pursuing SOC 2 Type II certification — the gold standard for demonstrating that security controls aren't just designed well, but operate effectively over time across security, availability, confidentiality, and privacy.
Fully GDPR compliant from the ground up. With infrastructure in Germany, data processing agreements for paid plans, and clear data retention policies, your data stays in Europe and under your control.
How We Protect Your Data
Defense in depth, by default
- Encryption everywhere — All data is encrypted in transit (TLS) and at rest using individually rotating encryption keys. No shortcuts, no exceptions.
- Transparent subprocessors — We maintain a public list of every third party that touches your data. See our subprocessors page.
- Data Processing Agreement — A DPA is included with all paid plans.
- Your data, your call — Delete your account and all associated data at any time. We retain nothing beyond what's needed to run the service, and we never sell your data. Period. See our Privacy Policy and Terms of Service.