Security at Servivum

At Servivum, we take the security of your data seriously. As a small, specialized team, we combine enterprise-grade security practices with the agility to quickly respond to emerging threats.

Infrastructure Security

Hosting & Data Residency

  • All data is hosted exclusively in German datacenters
  • Full GDPR compliance with data processing in the EU
  • Geographically distributed backups for disaster recovery

Network Protection

  • End-to-end encryption using modern TLS standards
  • Web Application Firewall (WAF) with threat intelligence
  • Runtime security monitoring for all applications
  • Strict firewall policies and network segmentation
  • DDoS protection

Access Control

  • Multi-factor authentication for administrative access
  • Cryptographic key-based authentication
  • Least privilege access model
  • Regular access reviews

Application Security

Secure Development

  • Mandatory code review process
  • Automated source code vulnerability scanning
  • Dependency and supply chain risk analysis
  • Container security scanning
  • Infrastructure as Code security validation
  • Staging environment validation before production

Monitoring & Response

  • 24/7 system monitoring
  • Security incident response within 24 hours
  • Automated threat detection and mitigation

Operational Security

Updates & Maintenance

  • Regular security patching
  • Automated vulnerability scanning
  • Critical patches applied within 48 hours

Backup & Recovery

  • Daily automated backups
  • Geographically redundant storage
  • Regular restoration testing
  • Recovery Time Objective (RTO): 4 hours

Compliance

  • 🇪🇺 GDPR (General Data Protection Regulation)
  • 🇩🇪 BDSG (German Federal Data Protection Act)
  • Industry best practices for data protection

Service Status

Monitor our system availability and performance at status.servivum.com

Report a Security Issue

Found a security vulnerability? We appreciate responsible disclosure.

Security Contact: security@servivum.com
Response Time: Within 24 hours

We request that you:

  • Allow reasonable time to respond before public disclosure
  • Avoid accessing or modifying customer data
  • Provide sufficient detail to reproduce the issue

For detailed information about our vulnerability disclosure process, please see our vulnerability disclosure policy.

See security.txt for the relevant information in a machine-readable format.

Last updated: 30/08/2025