Security

Security at Euroland IR

How we protect your data and maintain the integrity of our platform.

Last updated: April 2025

Our Commitment to Security

Security is a core component of everything we build at Euroland IR. We protect the confidentiality, integrity, and availability of your data through a comprehensive set of technical and organisational controls. Our security programme is aligned with ISO 27001 and SOC 2 Type II principles.

Security Measures

Encryption in Transit
All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. We enforce HTTPS across all endpoints.
Encryption at Rest
Sensitive data stored on our servers is encrypted at rest using AES-256. Database backups are also encrypted.
Access Controls
Access to production systems is restricted to authorised personnel only, using role-based access control (RBAC) and multi-factor authentication (MFA).
Penetration Testing
We conduct regular third-party penetration tests and vulnerability assessments. Critical findings are remediated within 48 hours.
Infrastructure Security
Our platform is hosted on ISO 27001-certified cloud infrastructure with 24/7 monitoring, automated threat detection, and DDoS protection.
Secure Development
Our development process follows OWASP secure coding guidelines. All code changes undergo peer review and automated security scanning before deployment.
Incident Response
We maintain a documented incident response plan. In the event of a security breach, affected clients will be notified within 72 hours in accordance with GDPR requirements.
Business Continuity
We maintain automated daily backups with point-in-time recovery. Our recovery time objective (RTO) is 4 hours and recovery point objective (RPO) is 1 hour.

Data Residency

By default, all client data is stored within the European Economic Area (EEA) on servers located in Sweden and Germany. Clients with specific data residency requirements should contact their account manager.

Subprocessors

We use a limited number of vetted subprocessors to deliver our services, including cloud infrastructure, email delivery, and customer support tooling. All subprocessors are bound by data processing agreements and are required to maintain security standards equivalent to our own. A full list of subprocessors is available on request.

Compliance

Euroland IR maintains compliance with the following frameworks and regulations:

  • General Data Protection Regulation (GDPR) — EU 2016/679
  • Swedish Data Protection Act (Dataskyddslagen)
  • ISO/IEC 27001 (Information Security Management) — aligned
  • SOC 2 Type II — aligned
  • OWASP Top 10 — addressed in development lifecycle

Responsible Disclosure

We welcome reports from security researchers who identify vulnerabilities in our systems. If you believe you have found a security issue, please contact us at security@euroland.com before disclosing it publicly. We commit to acknowledging your report within 24 hours and providing a resolution timeline within 5 business days.

Contact

For security-related enquiries, please contact:

Security Team — Euroland IR AB
Email: security@euroland.com
For urgent matters: +46 31 700 0888