Security

Data and IT infrastructure security is one of the key pillars of the eAuditor Cloud. The Administrator takes the utmost care to ensure compliance with the requirements of GDPR, industry best practices and information security standards. User data is protected through transmission encryption, access control, and continuous security monitoring.

The Administrator guarantees Service availability at the level of 99.90% annually.

Data location and protection

• All servers eAuditor Cloud are located in Poland, in data centers that meet the requirements of GDPR and national personal data protection regulations.

• The infrastructure location is in the OVHcloud data center in Ożarów Mazowiecki (Kazimierza Kamińskiego 6, 05-850 Ożarów Mazowiecki, Poland) - a facility managed by OVHcloud sp. z o.o., which holds, among others, the following certificates ISO 27001, ISO 27017, ISO 27018, ISO 27701, as well as the standards SOC 1/2/3 (as of 13.11.2025). More information: OVHcloud Compliance and Certifications

• Each Customer has their own individual database, which is not shared with other services or customers.

• Data is not transferred outside the European Economic Area (EEA).

• To ensure the highest level of security, the Service is regularly subjected to penetration tests and security audits conducted by independent, specialized entities.

Backups and data recovery

The scope and availability of backups depend on the selected subscription plan:

• FREE Plan – backups are not available.

• INV100 Plans and ACT200 – the system performs 1 backup, stored in the same location where the eAuditor cloud infrastructure operates, i.e. in the OVHcloud data center in Ożarów Mazowiecki.

• DLP300 Plan – the following are available 2 backups:

  • one stored in Ożarów Mazowiecki,

  • the second in a separate location within the European Union, meeting the described security and compliance standards.

Backups are used solely for the purpose of restoring data in the event of a failure or loss of system availability.

Encryption and data transmission

• The data transmission process is secured using SSL/TLS, which guarantees confidentiality and integrity of communication between the user and the service.

• Communication between system components (eAgent and eServer ) is carried out using the TLS 1.3.

• Both eAgent, and eServer have their own certificates 4096-bit SSL key, which provides a very high level of security for data transmission.

• Encryption covers both real-time data transmission and communication during authentication processes and exchange of system information.

Data storage and deletion

• Data transmitted to the eAuditor cloud Service is recorded on the Customer Account and may be deleted by the Customer at any time.

• After termination of the Service, the Customer Account is locked for a period of 14 days, after which the data is permanently deleted (on the 15th day from Account closure), subject to obligations arising from legal regulations.

• After permanent deletion of data, their recovery is technically impossible.

• The Administrator processes Customer data after Account closure only to the extent and for the period necessary to fulfill legal obligations, in particular those arising from accounting and tax regulations.

Authentication and access

• Console login eAuditor Cloud is carried out using multi-factor authentication (MFA).

• The system is integrated with authenticator applications such as Google Authenticator and Microsoft Authenticator.

• The Account Administrator can enforce the use of MFA for all organization users.

• The system works with Microsoft Entra ID, enabling centralized identity and access management.

• Access to system features and data can be managed based on roles (RBAC).

Service updates

• New software versions eAuditor Cloud and updates (patches) are provided to users automatically.

• Updates include security fixes, performance improvements and new functionalities.

Payment Security and Billing Operator

• As part of the billing model we use the operator Stripe, which also affects the security of the eAuditor cloud system.

• Stripe is a certified Service Provider Level 1 compliant with the PCI DSS 4.0 standard, which means the highest level of security in processing payment card data.

• Stripe holds compliance reports of the type SOC 1 and SOC 2 Type II, and all API connections and dashboards operate exclusively over a secure HTTPS/TLS channel. More.

• As a result, your payment data and subscription information are processed by an operator that meets rigorous industry standards.

User responsibilities regarding security

To maintain the security of using the Service, the following rules apply to all persons with access to the Customer account, including Users, and Account Administrators (according to the definitions in the Service Terms):

• Use the current version of recommended web browsers: Chrome, Edge, Firefox or Safari.

• Regularly update the browser to the latest stable version.

• Be aware that using browsers other than those recommended may cause improper Service behavior.

• Ensure protection of access credentials and do not share them with unauthorized persons.

• Use the Service in accordance with legal regulations and the rules specified in the Service Terms.

Additional responsibilities of the Account Administrator:

• Managing User accesses and controlling the assigned permissions.

• Oversight of the Customer Account configuration.

• Responding to suspected unauthorized access or security breaches.

More information can be found in the eAuditor Cloud Service Terms.