Platform and data security

gmbh uses industry best practices to ensure its security. This document describes the measures we take to prevent your data from falling into the wrong hands.

Physical security

Server and network security

gmbh hosts the majority of its applications at hosttech GmbH. hosttech provides state-of-the-art data center security that meets industry standards such as SOC, PCI DSS and ISO 27001. All responsibility for physical network and server security for these parts of the application is delegated to hosttech.

Network Security

Similar to the security of our physical network, the majority of our virtual network security is handled by hosttech. hosttech provides fully isolated environments in which we deploy our applications.

In addition to the security measures described above, gmbh implements various other best practice measures to further ensure the security of your data:

Change control

We capture all configurations in code to ensure visibility into underlying network and infrastructure changes. The configuration code is checked into version control, and all changes are tested for security, scalability, and durability before deployment. We also thoroughly test all changes in a dedicated staging environment before deploying them to the production environment.

Server security

Security patching

gmbh servers are automatically and continuously patched with the latest security updates. This ensures that we can minimize our exposure to known vulnerabilities.

Application security

Change control

Since this is a web application, code changes are made and deployed continuously. Updating to the latest version requires nothing more than updating the browser.

Design and development

New features and changes are carefully planned and designed. After approval, development begins and all code is checked into version control.


All code changes are peer reviewed for quality, performance and correctness. The code is also reviewed from a security perspective.

After publication

Feedback and bug reports are collected from customers, and changes and corrections are made as necessary.

Authentication and authorization


The main registration method of is by mobile phone number and OTP code.

Email address and password are used only for registration. Your password will never be stored in plain text.

If you forget your password, you can reset it by providing the email address associated with your account. A link with a cryptographic token will be sent to the specified address, which you can use to reset your password.

Multi-factor authentication (MFA)

MFA is mandatory for registration. This applies to the phone number and e-mail address.


Once a user is logged in, gmbh stores session tokens as secure, HTTP-only cookies in the user’s browser to identify them as authorized to access the site. This is further protected by the use of CSRF (Cross Site Request Forgery) tokens and strict CORS policies to prevent cross-domain requests and unauthorized use of the cookie. Cookies expire after two weeks, which means that users are automatically logged out.

Data Sanitization

The data entered by the user can be stored in a database and displayed again in the browser. This can open the possibility for SQL injection and cross-site scripting (XSS) attacks. All data entered into databases or rendered in HTML is sanitized accordingly.

Logging and monitoring

To create an audit trail and enable quick investigation of potential threats or issues, all requests to services are securely logged and contain enough information to reconstruct events.

Information that may be logged includes IP addresses, request headers, request payloads, device information, status codes, response times, and failed login attempts. We never log confidential or sensitive data. All logs are retained and backed up for the duration of their usefulness. In addition, error rates and performance metrics are constantly monitored to ensure you have the best end-user experience possible.


This is supported by service level agreements that ensure uptime. Nevertheless, downtime may occur in exceptional cases.

For this reason, we have designed all our services to be highly available and fail-safe. All hosts and applications are constantly monitored for availability. Should a failure occur, an automatic fallback is initiated. This strategy mitigates both instance-level and data center-level failures.

In addition, the services that make up the application are monitored with an external tool that checks uptime from multiple locations around the world. If an outage occurs, a technical staff member is immediately notified and, depending on the severity of the outage, a solution is found as soon as possible. gmbh strives to maintain an annual uptime of 99%.


From the beginning, we designed the Platform to meet the big data requirements associated with processing, hosting, analyzing and delivering survey data around the world.

Information Security

gmbh classifies all information submitted by users as confidential and important. We use several methods to ensure that customer data is available and secure at all times:

Data storage and transmission

All data transmitted to and from the platform is encrypted and securely transmitted via HTTPS with TLSv1 or higher, 128-bit cipher or higher depending on the client. All internal data transfers between services are also protected by encryption.

After transmission, all data is stored securely. The databases are also password protected and access is only possible from IP addresses that are on the whitelist. Access and permissions to modify or delete data are delegated only when necessary and according to the principle of least privilege.

All data to be processed or displayed is stored in Switzerland.

Privacy

gmbh complies with all local data protection laws, including the General Data Protection Regulation (GDPR), and is committed to keeping your personal data safe and secure. For more information, please see our Privacy Policy.

Data breaches

In the event of unauthorized access to your data, we will notify you as soon as possible after becoming aware of the problem.

Any questions? Please contact for more information.