Products
Solutions
Pricing
Company
Sign In
Security Documentation

OLAZZA Security Whitepaper

Complete documentation of our security architecture, compliance certifications, and data protection measures.

Last Updated: January 2025Version 2.0

1. Executive Summary

OLAZZA is committed to providing enterprise-grade security for all customers. Our security infrastructure is built on industry best practices and complies with major European regulations including GDPR and GoBD.

Key Security Highlights

  • 256-bit AES encryption for all data at rest and in transit
  • German data residency - all data stored in EU/German data centers
  • GDPR compliant data handling and processing
  • GoBD compliant archiving for German businesses
  • SOC 2 Type II certification (in progress)
  • Regular third-party security audits

2. Data Encryption

Encryption at Rest

All customer data is encrypted using AES-256 encryption with secure key management and automatic key rotation.

Encryption in Transit

All data transmitted between clients and servers uses TLS 1.3. We enforce HTTPS for all connections and implement HSTS headers.

ComponentEncryption Standard
DatabaseAES-256
File StorageAES-256
API TrafficTLS 1.3
BackupsAES-256

3. GDPR Compliance

OLAZZA is fully compliant with the General Data Protection Regulation (GDPR). We implement all required technical and organizational measures.

Data Subject Rights

  • Right to Access - Export your complete data at any time
  • Right to Rectification - Update your personal data
  • Right to Erasure - Request complete data deletion
  • Right to Portability - Download data in standard formats
  • Right to Object - Opt out of data processing

Data Processing

We process data only for specified, explicit, and legitimate purposes. All data processing activities are documented in our Records of Processing Activities (ROPA).

4. GoBD Compliance

For German businesses, OLAZZA provides GoBD-compliant document archiving and record-keeping. GoBD (Grundsatze zur ordnungsmaßigen Fuhrung und Aufbewahrung von Buchern, Aufzeichnungen und Unterlagen in elektronischer Form sowie zum Datenzugriff) defines requirements for digital accounting.

GoBD Requirements Met

  • Immutability - Documents cannot be altered after archiving
  • Traceability - Complete audit trail for all changes
  • Completeness - All relevant documents are captured
  • Timeliness - Documents archived promptly
  • Order - Systematic organization of documents
  • Readability - Documents remain accessible for 10+ years

Archiving Features

FeatureStatus
10-year retentionIncluded
Audit trailComplete
Timestamp verificationActive
Export for tax auditsAvailable

5. Infrastructure Security

Data Centers

All data is stored in ISO 27001 certified data centers located in Germany. These facilities meet the highest physical security standards and comply with EU data residency requirements.

Network Security

  • Web Application Firewall (WAF) protection
  • DDoS mitigation
  • Intrusion detection and prevention
  • Network segmentation
  • 24/7 security monitoring

Access Control

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA)
  • Single Sign-On (SSO) support
  • Session management and timeout
  • IP whitelisting (Enterprise)

6. Application Security

Secure Development

Our development process follows OWASP guidelines and includes security reviews at every stage.

Security Measures

  • Regular penetration testing
  • Automated vulnerability scanning
  • Code security reviews
  • Dependency vulnerability monitoring
  • Bug bounty program

API Security

  • OAuth 2.0 / OpenID Connect authentication
  • Rate limiting and throttling
  • Input validation and sanitization
  • API versioning and deprecation policies

7. Business Continuity

OLAZZA maintains comprehensive business continuity and disaster recovery plans to ensure service availability.

MetricTargetActual
Uptime SLA99.9%99.95%
RTO (Recovery Time)< 4 hours< 2 hours
RPO (Data Loss)< 1 hour< 15 min
Backup FrequencyEvery 15 minEvery 15 min

Backup Strategy

  • Automated incremental backups every 15 minutes
  • Daily full backups with 30-day retention
  • Geo-redundant backup storage
  • Regular backup restoration testing

8. Compliance & Certifications

CertificationStatusRenewal
GDPRCompliantContinuous
GoBDCompliantAnnual review
ISO 27001In progressQ2 2026
SOC 2 Type IIIn progressQ3 2026

Third-Party Audits

We conduct annual third-party security audits and share results with enterprise customers upon request.

Questions About Security?

Contact our security team at security@olazza.com or start your free trial to experience our security-first approach.

Start Free TriallearnMore