Security & Compliance
Enterprise-grade security following ISO 27001 standards, GDPR compliance, and German data residency on certified infrastructure.
Security Features
Comprehensive security measures at every level of our infrastructure
ISO 27001 Standards
Following ISO 27001 security standards with comprehensive policies and controls on certified infrastructure.
GDPR Compliance
Full compliance with EU General Data Protection Regulation including DPA support.
NIS2 Ready
Supporting EU NIS2 Directive requirements with encryption, pseudonymization, and audit capabilities.
German Infrastructure
All data processed in Hetzner's ISO 27001-certified data centers in Germany.
Encryption
TLS 1.2+ in transit, AES-256-GCM at rest. Your data is encrypted at every step.
Two-Factor Auth
Optional 2FA with TOTP or email codes for enhanced account security.
How We Handle Your Data
Transparency is key. Here's exactly what happens to your data.
We Do
- Process your text in memory only
- Encrypt all data in transit (TLS 1.2+)
- Encrypt sensitive data at rest (AES-256-GCM)
- Maintain audit logs for compliance
- Process data only in Germany (EU)
We Don't
- Store your original text content
- Train AI models on your data
- Share data with third parties
- Transfer data outside the EU
- Keep logs of processed content
Security FAQ
Is anonym.legal GDPR compliant?
Yes. We are fully GDPR compliant. All data is processed exclusively in Germany on ISO 27001-certified infrastructure. We offer Data Processing Agreements (DPA) for all customers and support all GDPR data subject rights.
Where is my data stored?
Your data is processed in Hetzner data centers in Germany. We don't use AWS, Azure, or GCP - avoiding US Cloud Act jurisdiction entirely. No data leaves the EU.
Do you store the content I anonymize?
No. Text is processed in memory and immediately discarded. We only store metadata (token counts, timestamps) for billing. Your actual content is never persisted to disk.
What encryption do you use?
TLS 1.2/1.3 for data in transit, AES-256-GCM for data at rest. For Zero-Knowledge auth, we use Argon2id for password hashing and XChaCha20-Poly1305 for vault encryption in the Desktop App.
Can I get a DPA (Data Processing Agreement)?
Yes. We provide standard GDPR-compliant DPAs for all business customers. Contact our team to receive your DPA within 24 hours.
Need More Details?
Explore our comprehensive security documentation or contact us for specific compliance requirements.