We encrypt everything to keep your data safe
We are a german company and based in Münster. Germany is renowned for having one of the strictest data protection laws in the world. We believe in these laws and stick to them.
Our infrastructure -and so your data- is exclusively on servers in data centers within Germany and always encrypted, both in transit and at rest.
Privacy and Transparency
We have never received any request for user data and we'd expect to challenge such an order (in Germany such an order would have to be an official court order) if it were served on us in the future.
Encryption of data in transit
All communications between you, your devices and our systems are transferred using the HTTPS protocol and encrypted at all times.
We exclusively use modern TLS protocols and constantly update our configuration to ensure strong ciphers. Perfect Forward Secrecy (PFS) prevents attackers from mass-decrypting logged connections. Even if a single message is compromised it cannot lead to the compromise of others. With HTTP Strict Transport Security (HSTS) we also protect you from downgrade attacks.
These measures help us maintaining the best possible grade of A+ at the time of writing for the Qualys SSL Labs test for fruux.
Encryption at rest
Latest security practices
Besides just using modern encryption, we also implement the latest security practices into fruux, such as Content Security Policy (CSP). With CSP we're preventing so called cross-site scripting (XSS) and related attacks.
Keeping your data safe is a job that's never done
Hopefully this gave you a good overview of how we're keeping you safe. It goes without saying that this is a job that's never done. Security is not something we simply "add" to our product, it's a constant process we're working on all the time. Don't hesitate to get in touch if you have any questions. We're looking forward to hearing from you.