Trust Center

Compliance & Security

This page is maintained by trendguru GmbH and answers common questions about privacy, security and operations at TrendGuru. It does not represent an independent certification.

GDPR-compliant

Processing under Art. 6 GDPR, DPAs (Art. 28) with all subprocessors, documented data-subject rights.

EU data residency

Primary processing and storage in EU data centers. Standard Contractual Clauses for third-country transfers.

Encryption

TLS 1.2+ in transit, AES-256 at rest. Separated key management for customer and operational systems.

Access controls

Role-based access, MFA required for internal systems, least-privilege principle and regular access reviews.

Operational security

Hardening baselines, vulnerability scans, logging and monitoring with alerting on security events.

Documentation

Records of processing activities, TOMs documentation and incident response plan available on request.

Frameworks & standards

We align with recognised security standards. Current status:

  • GDPRIn production – ongoing operation
  • ISO 27001Controls alignment – certification planned
  • SOC 2 Type IIControl design in preparation
  • TISAXRoadmap – on request

DPAs, subprocessors & audit requests

DPA, current subprocessor list and TOMs documentation are provided to customers on request. Contact us at compliance@trendguru.com.