Protecting your data is our top priority

To ensure the security of your data, we use world-class encryption technologies, advanced firewalls and access controls, conduct regular security audits by outside experts, and have industry-leading certification.

We always strive to establish world-class security standards and, to this end, have fully implemented the information security controls defined as a minimum requirement by the International Organization for Standardization (ISO).

You can find our ISO 27001: 2017 certificate in english language here.

tchop protects your data based on a comprehensive, TÜV-certified information security management system. This security system continuously checks the product and platform for vulnerabilities and uses industry-leading security technologies. In doing so, we follow state-of-the-art Defense-in-Depth concepts to protect data.

The core guidelines of our information security management system (ISMS) you can find here:

Information Security Policy (Public Version)

Interested contacts on the customer side can gain insight into the details of our management system, as far as this is possible against the background of confidentiality.

The basics of our information security approach

Virtual private cloud

• Hosted in ISO 27001: 2017 certified data centers.
• Hosting provider of customer's choice (AWS or Hetzner).
  • Processing limited to the jurisdiction
• Completely separate client infrastructure (customer environment)
• On Premise installation also possible

Operational security

• Secure product development lifecycle
• Security testing and vulnerability management
• Testing by external security experts
• Ongoing testing by various external tools
• Logging and monitoring
• Incident response plans

Complete and secure encryption

• Data encryption at rest and during transmission.
• Use of AES-256 and transmission only via TLS 1.2 or 1.3
• Data encryption for mobile applications (incl. protection against men-in-the-middle attacks)

Compliance with regulatory requirements

• German Data Protection Act
• German Data Protection Regulation (DSGVO)
• Certification according to ISO 27001:2017
• Data protection agreement with customers
• Contact our data protection officer

High availability

• Status report on status.tchop.io
• Contractually binding 99.9% availability
• Disaster recovery and business continuity planning
• Frequent backups and snapshots
• Comprehensive technical support based on an SLA (part of our licence agreement)

Customer access control

• Function-based access rights via the admin area
• Complex rights and roles principle
• Integration with your existing identity management
• SAML 2.0 or SCIM interface to SSO and user directory

TÜV certified

The independent testing organization TÜV Süd has confirmed the correct application of our information security management system (ISMS) by certifying it in accordance with ISO 27001:2017 at the beginning of 2023.

We were audited in English, as our ISMS is also written in English. This is done against the background of our international workforce. tchop internally communicates exclusively in English.

ISO/IEC 27001 is the leading international standard for information security management systems (ISMS) and therefore the most important cyber security certification. It provides organisations of all sizes with clear guidelines for planning, implementing, monitoring and improving their information security. The requirements are generally applicable and apply to private as well as public companies or non-profit institutions.