For DPOs and IT
Data security in Egalis
In short
Where the data lives
On Hetzner servers (data centres in Germany, EU), administered by us — not on shared infrastructure with uncontrolled third parties. The public website stores nothing: all free tools run entirely in the visitor’s browser.
Pseudonymisation by design
The calculation engine never sees names or national ID numbers: in the calculations, employees exist only as their payroll ID plus sex (the only criterion the Directive permits collecting). If a company chooses to import names too (for day-to-day operation), they live in a separate table, encrypted with AES-256-GCM, visible exclusively to the owner and HR-admin roles — and they never enter calculations, reports or legal exports.
Isolation between companies
The platform is multi-tenant with strict per-company isolation, demonstrated by automated isolation tests that run on every code change. Access is role-based (owner, HR admin, management approver, workers’ representative, employee, recruiter) — access control the Directive requires, not an option.
An immutable audit log
Every legally relevant action (import, evaluation, approval, report, answer to a request, deadline notification) is written to an append-only log. Immutability is enforced at the database level (a trigger rejects any UPDATE or DELETE), not by application convention — not even administrators can rewrite history.
Authentication and access
- Passwords stored with scrypt (irreversible, salted hashing).
- Two-step verification (TOTP) supported at sign-in.
- Rate limiting on authentication and public forms (anti brute-force).
- httpOnly sessions; strictly necessary cookies only (see the cookie policy).
- All traffic over TLS; administration ports closed to the public internet.
Your data is never held hostage
Full export (structured JSON) and permanent company deletion are functions in the application, available to the owner at any time — including after the subscription ends. Deletion removes all content data; the audit log is retained as legal evidence (it contains no salary data).
Continuity
Regular database backups with periodic restore tests; a staging environment separate from production; a safety copy before any data-structure change. Application errors are collected centrally, and processes touching legal deadlines are treated at maximum severity — the product’s promise is “you don’t miss deadlines”.
Reporting vulnerabilities
Responsible disclosure
Found a security issue? Write to office@addovision.ro. We confirm receipt within 48 hours and do not initiate legal action against good-faith research.