GDPR & Security

Our security measures at a glance

Confidentiality

Confidentiality means that a message can only be viewed by the group of people it is intended for and remains protected from outside access or publication.

  • TLS encryption: We encrypt all connections between the client, i.e. your end device, and our servers with TLS (better known by the name of its predecessor, SSL). This prevents user input and data from being intercepted in transit.
  • Hosting in Germany: Hosting exclusively at Deutsche Telekom.
  • Certifications: The data center used by Echometer is certified according to ISO 27001 (view all certifications).
  • Internal security guidelines: Secure passwords for all accounts, key authentication on servers. All accounts with access to personal data are protected with 2-factor authentication where possible.

 

Availability

Availability describes the extent to which a system is able to fulfil the requests it receives from the user within a limited period of time.

  • Transparently high availability: Public Uptime Monitor
  • Monitoring: Continuous monitoring of our systems enables us to intervene quickly in the event of malfunctions.
  • Backups: Automated regular backups ensure the availability of your data. Backups are regularly checked for recoverability.

 

Integrity

Integrity means that information can only be written and modified by the intended people.

  • Access to data is only possible via password-protected accounts.
  • We store passwords only as hashes, using a current and secure method (PBKDF2) with different salts, so even if our data leaks, no password can be extracted, not even with precomputed hash tables.
  • Ultimately, how strong your password is depends on you: to support you in creating your password, we provide guidance during registration on what a relatively secure password can look like.

Order processing according to GDPR ☑️

As a customer of Echometer, a company must conclude a contract on commissioned processing (also known as a "Data Processing Agreement" / DPA) with Echometer GmbH as a processor in accordance with the General Data Protection Regulation (GDPR).

With each subscription or contract conclusion, the version of the contract for order processing that is current at that time becomes an integral part of the contract.

Here you can download the complete contract for order processing and associated TOMs as a PDF:

 

Current version (2024 03)

Valid for new customers from March 13, 2024.

 

Updates

We improve our contracts for commissioned processing and adapt them to new framework conditions on an ongoing basis.

If we (Echometer) adjust the contract for order processing in the future and thus replace the previous version, the workspace admins in Echometer will be informed of this by email.

Previous versions

Version 2023 08

Still valid for new customers between August 31, 2023 and March 12, 2024.

Version 2023 05

Still valid for new customers between May 1, 2023 and August 30, 2023.

Version 2022

Still valid for customers with contracts signed before May 2023.