ecos Trust Center

IT security and data protection aren’t just a priority – they are a necessity.

We are aware that when you use our products and services, you entrust us with one of your most valuable asset – data. Hence, data protection & IT security are an integral component of everything we do. We meet the requirements of EU GDPR and are ISO27001 certified.

Allianz für cyber-sicherheit logo
Report security issue

Please send an email directly to our data security officer at

IT Security

It is your data and our promise to manage it safely. We do our utmost to incorporate security in every aspect of our processes and products. Below are some of the key features:


Advanced user access management

Secure physical & digital authentication reduces the risk of improper access. With Role Base Access Control (RBAC) and Discretionary Access Control (DAC) we ensure only authorized employees have access to your data. 

Data Encrypted at Rest and in Transit

With state-of-the-art encryption, we protect our customer data both at rest and in transitAll the communications between ecos products and the data center as well as between the data center and end users are secured using elliptical asymmetric encryption ECC with 233 bits.

Data at Rest

(AES-256 encrypted)

Data in Transit

(HTTPS/ TLS 1.2 encrypted)

In the rare instance of a data breach at ecos, we make sure to verify if all our customer’s data is safe or if it has been affected and endangers the rights and freedoms of their staff. In case this happens we immediately notify the customers concerned so that they can carry out their legal obligation to notify their staff and regulatory authority.  

Recoverability and regular backups

A strict backup concept is followed to ensure highest security. We conduct a incremental and weekly backup of all our customer’s data stored. If they choose so, our customers can download the stored data through our ecos webman. The backup file will be sent out encrypted and can be saved by our customers in parallel. In this way our customers have full control over their data retention.

In the unlikely case of the total failure of our systems, our redundant data center guarantees that your data is not lost. As per our disaster recovery concept, fastest possible recovery is delivered.     


Verification of our security claims

We run audits of our procedures and products at regular intervals, generally once a year, in sync with the legal data protection requirements. The results of these audits are then used to take specific action to further enhance our documentation, processes and software features.

We also perform vulnerability and penetration tests in regular intervals. Those are performed either by IT specialists such as DITIS Systems or by customers such as military organisations, supermarket chains or railway companies.

Data Protection

Data protection isn’t negotiable. It is the right of every individual and at ecos we make sure to keep it that way. We ensures that our customer’s data is handled following the GDPR and they have the transparency where their data is, at all times.

Ownership of your data

You are and remain the sole owner and controller of your data as per the meaning specified in article 24 EU GDPR. We remain only the order processor who processes your data at your instructions and according to the data processing agreement.

You can access, modify or ask us to delete your data anytime as and when required.

two-people-shaking hand-to-show-ownership

frankfurt-skyline-with-0&1-in front-to show-data-center-in-frankfurt

Security of our data centers & customer’s data

ecos systems uses a ISO 27001 & CSA STAR certified data center within the United States. It is managed by Microsoft. The data center is Tier 4 and ensures an uptime of 99.9995%.

Neither data center staff nor Microsoft employees have or will ever have access to your data. At ecos systems too, only the IT infrastructure team and our product team will have a need-to-know data access. This will be required when processing service inquiries. And since our employees are trained in the guidelines laid out by the General Data Protection Regulation (GDPR), they are aware of the data secrecy requirements and the consequences of any breach. Similarly all our subcontractors who may have access to your data, are bound by contractual privacy commitments.  

If any of our customers terminates the business relation, their data is immediately deleted from our data center. This also includes cached or backup copies.  


GDPR compliant data processing & standards

Data protection is an integral part of our product strategy therefore when developing them we respect the stipulations of Art. 25 EU GDPR of data protection by design and by default.

We generally assume that we are compliant with the essential requirements of the EU GDPR today as we have reviewed the default settings of the entire application and adapted them to provide the highest-possible level of data protection while still ensuring user friendliness. Furthermore, the settings are generally all adaptable to the customer’s individual needs.

Supporting our customers to respect rights of data subjects

We support our customers to follow chapter 3 of EU GDPR ensuring the rights of data subjects to have access, obtain erasure and request portability of personal details.

Furthermore the ecos webman provides the possibility to pseudonymize personal data automatically after 30, 60 or 90 days, or manually at any point in time.




ISO 27001

This is the internationally recognized standard for managing risks associated with information security and describes the requirements for implementing & optimizing such a system.


ISO 9001

ISO 9001 is the global standard that confirms a company’s or organization’s commitment to enhancing quality, delivering efficient operations & improving customer satisfaction. 


ISO 14001

This certificate is the globally recognized and applied standard for environmental management systems. It demonstrates the organization’s environmental commitments.




GDPR Framework

GDPR is the stringent data security and privacy law in the world. Though drafted and passed by EU, it imposes obligations on every company or organization to protect and follow its guidelines when dealing with people in the EU.