Security & Privacy
Enterprise-grade security with Swiss privacy standards and full GDPR compliance
Security-First Architecture
At PartnerBook, security and privacy are not afterthoughts: they are foundational principles of our platform architecture. We handle sensitive business information with the highest level of protection.
Our infrastructure is hosted in Switzerland, leveraging the world's strongest data protection laws, and we maintain full GDPR compliance for European customers.
Swiss Privacy Foundation
Swiss Data Hosting
All data stored exclusively on Swiss servers, subject to Swiss Federal Data Protection Act (FADP).
- Tier-3+ certified data centers in Switzerland
- No data transfer to third countries without consent
- Protected by Swiss banking secrecy standards
- Jurisdiction outside US Cloud Act and FISA
Swiss-EU Privacy Shield
Switzerland is recognized by the EU as providing an adequate level of data protection.
- Automatic adequacy decision under GDPR Art. 45
- No additional safeguards needed for EU data
- Stronger protection than EU standard
- Independent supervision by FDPIC
GDPR Compliance
Full compliance with EU General Data Protection Regulation (GDPR):
Core GDPR Principles
- Lawfulness, Fairness, Transparency: Clear privacy policy, explicit consent, user control
- Purpose Limitation: Data collected only for specified, legitimate purposes
- Data Minimization: Collect only data necessary for platform functionality
- Accuracy: Users can update/correct their data anytime
- Storage Limitation: Data retained only as long as necessary
- Integrity & Confidentiality: Encryption, access controls, security audits
- Accountability: DPO appointed, records of processing activities maintained
User Rights Under GDPR
Right to Access
Download all your data in machine-readable format (JSON/CSV) anytime via self-service portal.
Right to Rectification
Update, correct, or modify your data directly in the platform.
Right to Erasure
Request complete account deletion ("right to be forgotten"). Executed within 30 days.
Right to Portability
Export your data to use with other services or platforms.
Right to Object
Opt-out of automated decision-making, profiling, or marketing communications.
Right to Restrict Processing
Temporarily suspend data processing while disputes are resolved.
Data Protection Officer: privacy@partnerbook.com
Technical Security Measures
Encryption
- In Transit: TLS 1.3 for all communications (API, web, mobile)
- At Rest: AES-256 encryption for all stored data
- End-to-End: Direct messages encrypted client-side, keys never stored
- Passwords: Bcrypt hashing with per-user salt (cost factor 12)
Access Control
- Authentication: JWT tokens with short expiration (2 hours default)
- Multi-Factor Authentication (MFA): Available for all accounts
- Role-Based Access Control (RBAC): Granular permissions per user
- Session Management: Automatic logout, single session enforcement option
- API Security: Rate limiting, API key rotation, request signing
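The access-control list above states that sessions use JWT tokens with a 2-hour default expiration. The following is an added illustration, not PartnerBook's code: a minimal HS256 JWT issuer and verifier built only on the Python standard library, showing the checks a verifier must perform so that the short expiry actually limits exposure (pinned algorithm, constant-time signature comparison, mandatory `exp`, small clock leeway). The secret, subject and timestamps are constructed test values; the `leeway` parameter is an assumption of this example, not a documented platform setting.

```python
import base64
import hashlib
import hmac
import json
import time

# 2-hour default lifetime, matching the figure stated on the page
TOKEN_TTL_SECONDS = 2 * 60 * 60


def _b64url(data: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    """Inverse of _b64url; re-adds the padding that was stripped."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def issue_token(secret: bytes, subject: str, now: float,
                ttl: int = TOKEN_TTL_SECONDS) -> str:
    """Mint an HS256 JWT for `subject` that expires `ttl` seconds after `now`."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": subject, "iat": int(now), "exp": int(now) + ttl}
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode()
    signing_input = f"{_b64url(compact(header))}.{_b64url(compact(payload))}"
    signature = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(signature)}"


def verify_token(secret: bytes, token: str, now: float, leeway: int = 30) -> dict:
    """Return the payload if the token is authentic and unexpired; raise ValueError otherwise.

    `leeway` (an assumption of this example) tolerates small clock skew between
    the issuing and verifying hosts; it must stay small or it silently extends the TTL.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_b64, p_b64, s_b64 = parts

    # Pin the algorithm on the verifier side. Trusting the header's "alg" is what
    # lets "alg": "none" or algorithm-confusion tokens through.
    header = json.loads(_b64url_decode(h_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")

    expected = hmac.new(secret, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    # Constant-time comparison so signature checks do not leak timing information
    if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
        raise ValueError("bad signature")

    payload = json.loads(_b64url_decode(p_b64))
    exp = payload.get("exp")
    if not isinstance(exp, int):
        # A token without an expiry would be valid forever; refuse it.
        raise ValueError("missing exp claim")
    if now > exp + leeway:
        raise ValueError("token expired")
    return payload


if __name__ == "__main__":
    # Constructed demo values, not real credentials
    secret = b"constructed-demo-secret"
    issued_at = time.time()
    token = issue_token(secret, "user-42", issued_at)
    print(verify_token(secret, token, issued_at + 3600)["sub"])      # still valid after 1 h
    try:
        verify_token(secret, token, issued_at + TOKEN_TTL_SECONDS + 60)
    except ValueError as err:
        print("rejected:", err)                                       # expired after 2 h + leeway
```

The verifier never reads the lifetime from the token; it only checks `exp` against its own clock, so a client cannot extend its own session by editing the payload, because any edit invalidates the HMAC.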
Monitoring & Auditing
- Security Logging: All access attempts logged with immutable audit trail
- Anomaly Detection: ML-based detection of suspicious activities
- Real-Time Alerts: Immediate notification of security events
- Audit Trail: Complete history of data access and modifications
- Penetration Testing: Quarterly external security assessments
Infrastructure Security
- DDoS Protection: Cloudflare Enterprise with automatic mitigation
- Firewall: WAF (Web Application Firewall) with OWASP ruleset
- Network Isolation: Private VPC, database not publicly accessible
- Backups: Automated daily backups, encrypted, geographically distributed
- Disaster Recovery: RTO < 4 hours, RPO < 1 hour
Compliance & Certifications
GDPR Compliant
Full compliance with EU General Data Protection Regulation. DPO appointed, regular audits.
SOC 2 Type II
In Progress: Expected certification Q3 2026. Annual audits planned.
Swiss FADP
Compliant with Swiss Federal Data Protection Act and revised nFADP (2023).
ISO 27001
Roadmap: Certification planned for 2027 as company scales.
Development Security Practices
- Secure SDLC: Security integrated into every phase of development
- Code Reviews: All code peer-reviewed before deployment
- Dependency Scanning: Automated CVE detection in third-party libraries
- Static Analysis: SAST tools scan for security vulnerabilities
- Dynamic Testing: DAST tools test running application
- Security Training: All developers complete annual security training
Incident Response
We maintain a formal incident response plan:
- Detection: Automated monitoring and alerting systems
- Containment: Immediate isolation of affected systems
- Investigation: Root cause analysis by security team
- Remediation: Fix vulnerabilities, restore services
- Communication: Notify affected users within 72 hours (GDPR requirement)
- Post-Mortem: Document lessons learned, update procedures
Report Security Issues: security@partnerbook.com
Data Retention & Deletion
- Active Accounts: Data retained as long as account is active
- Inactive Accounts: After 24 months of inactivity, account deactivation notice sent
- Deleted Accounts: Data deleted within 30 days of deletion request
- Backups: Backups retained for 90 days, then permanently deleted
- Legal Holds: Data retained longer only if required by law
- Anonymization: Aggregated analytics data anonymized (no personal identification possible)
Third-Party Processors
We work only with GDPR-compliant sub-processors:
| Service | Purpose | Location | Safeguards |
|---|---|---|---|
| Hosting Provider | Infrastructure | Switzerland | ISO 27001, Tier-3+ |
| Email Provider | Transactional Emails | EU | GDPR DPA |
| CDN | Static Assets | Global (EU nodes) | GDPR DPA, EU data residency |
A complete list of sub-processors is published separately.
Security & Privacy Contacts
- Data Protection Officer (DPO): privacy@partnerbook.com
- Security Issues: security@partnerbook.com
- GDPR Requests: gdpr@partnerbook.com
- General Privacy Questions: support@partnerbook.com
Your Data, Your Control
Experience business networking with Swiss privacy standards