ISO 27001
Information-security management certified to ISO/IEC 27001.
CertifiedWe hold ourselves to the same standard we help you reach. Here is how Regwolf protects your data — our certifications, practices, subprocessors and policies, in one place.
Information-security management certified to ISO/IEC 27001.
CertifiedIndependent audit of security, availability and confidentiality.
Report availableEU data residency, DPA and Standard Contractual Clauses.
CompliantOur own program is built to the NIS2 risk-management measures.
In surveillanceTLS 1.2+ in transit and AES-256 at rest for all customer data, with managed key rotation.
Role-based access, enforced MFA and SSO, with quarterly access reviews and full audit logs.
Customer data is stored and processed in the EU, on infrastructure with strong physical security.
Encrypted, regularly tested backups with defined RPO/RTO and a documented disaster-recovery plan.
Continuous logging, anomaly detection and alerting across infrastructure and application layers.
Annual third-party penetration tests and continuous vulnerability scanning with tracked remediation.
| Subprocessor | Purpose | Region |
|---|---|---|
| AWS (Europe) | Cloud hosting & storage | EU — Frankfurt / Ireland |
| Cloudflare | CDN, DNS & DDoS protection | Global edge (EU data) |
| Postmark | Transactional email | EU |
| Plausible | Privacy-friendly analytics | EU — Germany |
| Intercom | Customer support messaging | EU / adequacy + SCCs |
We give customers prior notice of subprocessor changes with a right to object, per our DPA.
Customers and prospects under NDA can request our SOC 2 Type II report, penetration-test summary and security questionnaire. Email security@regwolf.com or report a vulnerability to the same address.