Security & Compliance

Your System of Record for Sensitive Data

Nalpeiron is built on a security-first architecture with enterprise-grade certifications, global data sovereignty, and zero-trust principles.

SOC 2 Type II
Compliance & Certifications

Security isn't a feature. It's the foundation.

Nalpeiron maintains the highest standards of security and compliance so you can focus on monetizing your software.

SOC 2 Type II Certified

Independent audit of security controls, availability, and confidentiality.

GDPR Compliant

Full compliance with EU data protection regulations and privacy standards.

CCPA Ready

California Consumer Privacy Act readiness for US data handling.

PCI DSS Level 1

Payment Card Industry Data Security Standard compliance.

SSO Two-Factor

Enterprise single sign-on with multi-factor authentication.

99.9%+ Uptime SLA

Guaranteed availability with redundant infrastructure.

Independently verified. View real-time compliance status on our trust portal.
Trust Center →

Enterprise-Grade Certifications

Independently verified, continuously audited

SOC 2 Type II

Annual Audits

Independent verification of our security, availability, processing integrity, confidentiality, and privacy controls. Annual audits ensure continuous compliance.

Security

Availability

Confidentiality

Privacy

GDPR

EU Compliant

CCPA/CPRA

California Privacy

HIPAA

Ready for Healthcare

Data Residency

US, EU

Security Architecture

Defense in depth, zero-trust principles

Encryption

  • TLS 1.3 for all data in transit
  • AES-256 encryption at rest
  • Regional encryption key management
  • Hardware Security Modules (HSM) for key storage

Access Control

  • Role-Based Access Control (RBAC)
  • Multi-Factor Authentication (MFA) required
  • Least privilege principle enforcement
  • Session management with automatic timeout

Monitoring & Response

  • 24/7 security monitoring and alerting
  • Real-time intrusion detection (IDS/IPS)
  • Automated threat response playbooks
  • Comprehensive audit logging

Infrastructure Security

  • DDoS protection at network edge
  • Network segmentation and micro-segmentation
  • Web Application Firewall (WAF)
  • Regular vulnerability scanning

Global Data Sovereignty

Your data stays where you need it

Nalpeiron maintains two separate data center locations for our service: clients in Europe can choose to host their data exclusively in the Eurozone (Frankfurt), or in our US-based data centers for global presence.

US / Global Data Center

United States

US-based infrastructure for worldwide coverage and global clients

Global Clients
Worldwide presence

Europe Data Center

Frankfurt, Germany

Eurozone-only hosting for European clients with full GDPR compliance

European Clients
Data stays in the EU

Data Sovereignty Guarantees

  • Data never crosses regional boundaries without explicit permission
  • Local encryption keys managed in-region
  • Right to data portability and deletion (GDPR Articles 20 & 17)

Security Operations

Continuous validation and improvement

Penetration Testing

Annual assessments by independent security firms to identify and remediate vulnerabilities before they become risks.

Frequency: Quarterly + on-demand

Vulnerability Management

Automated scanning, patch management, and remediation tracking. Critical vulnerabilities patched rapidly.

SLA: Critical patches < 14 days

Incident Response

Documented incident response plan with defined escalation paths, communication protocols, and post-incident reviews.

Response Time: < 1 hour for critical incidents

Flexible Deployment Security

From multi-tenant SaaS to air-gapped environments

Multi-Tenant SaaS

Shared infrastructure with logical isolation, perfect for most ISVs. Cost-effective with enterprise-grade security.

  • Tenant-level encryption
  • Data isolation guarantees
  • Shared SOC 2 compliance

Single-Tenant / Private Cloud

Dedicated infrastructure for regulated industries (finance, healthcare, government) with strict compliance requirements.

  • Dedicated database instances
  • Custom encryption keys
  • Private VPC/network

Air-Gapped / On-Premise

For maximum security environments—defense contractors, critical infrastructure, and high-security deployments. Offline license activation and validation.

  • No internet connectivity required
  • Offline activation workflows
  • Custom security hardening

Security Resources

Documentation and transparency for your security team

SOC 2 Type II Report

Available under NDA

Security Whitepaper

Architecture overview

DPA & SCC Templates

For GDPR compliance

Pen Test Summary

Latest findings (redacted)

Request full documentation via your sales or technical contact.

Trust Center

Security questions for your team?

Schedule a security review with our architects. We'll walk through our architecture, compliance posture, and answer your security questionnaire.

Includes security assessment and compliance documentation