For DPOs and IT

Data security in Egalis

In short

Pay data lives exclusively in the European Union, calculations run on pseudonymised data (no names, no national ID numbers), optional names are encrypted at rest, every legally relevant action lands in an audit log that even we cannot modify, and full export and deletion are buttons in the application, not email requests.

Where the data lives

On Hetzner servers (data centres in Germany, EU), administered by us — not on shared infrastructure with uncontrolled third parties. The public website stores nothing: all free tools run entirely in the visitor’s browser.

Pseudonymisation by design

The calculation engine never sees names or national ID numbers: in the calculations, employees exist only as their payroll ID plus sex (the only criterion the Directive permits collecting). If a company chooses to import names too (for day-to-day operation), they live in a separate table, encrypted with AES-256-GCM, visible exclusively to the owner and HR-admin roles — and they never enter calculations, reports or legal exports.

Isolation between companies

The platform is multi-tenant with strict per-company isolation, demonstrated by automated isolation tests that run on every code change. Access is role-based (owner, HR admin, management approver, workers’ representative, employee, recruiter) — access control the Directive requires, not an option.

An immutable audit log

Every legally relevant action (import, evaluation, approval, report, answer to a request, deadline notification) is written to an append-only log. Immutability is enforced at the database level (a trigger rejects any UPDATE or DELETE), not by application convention — not even administrators can rewrite history.

Authentication and access

  • Passwords stored with scrypt (irreversible, salted hashing).
  • Two-step verification (TOTP) supported at sign-in.
  • Rate limiting on authentication and public forms (anti brute-force).
  • httpOnly sessions; strictly necessary cookies only (see the cookie policy).
  • All traffic over TLS; administration ports closed to the public internet.

Your data is never held hostage

Full export (structured JSON) and permanent company deletion are functions in the application, available to the owner at any time — including after the subscription ends. Deletion removes all content data; the audit log is retained as legal evidence (it contains no salary data).

Continuity

Regular database backups with periodic restore tests; a staging environment separate from production; a safety copy before any data-structure change. Application errors are collected centrally, and processes touching legal deadlines are treated at maximum severity — the product’s promise is “you don’t miss deadlines”.

Reporting vulnerabilities

Responsible disclosure

Found a security issue? Write to office@addovision.ro. We confirm receipt within 48 hours and do not initiate legal action against good-faith research.

Updated: 10 July 2026. Figures reflect Directive (EU) 2023/970 as adopted. Member states had to transpose it by 7 June 2026 and may impose stricter national rules — check your country's implementing law (Egalis country editions track them).

Egalis does not provide legal advice; for specific situations, consult an employment lawyer.