Security

Your Data, Your Control

Built with security and GDPR compliance from the ground up. EU-hosted, encrypted, and transparent.

EU Data Residency

Our infrastructure is hosted on servers in Germany. Your data never leaves the European Union. Full GDPR/DSGVO data residency compliance.

When you self-host Get-Hub.io, your data stays on your own infrastructure — giving you complete control over data location and sovereignty.

GDPR / DSGVO Compliance

  • Cookie consent management with granular controls
  • Data processing agreements available
  • Right to data portability and deletion
  • Transparent privacy policy (DE + EN)
  • No third-party data sharing

Encryption & Transport Security

  • HTTPS everywhere with automatic Let's Encrypt TLS certificates
  • HSTS preload enabled (1 year, including subdomains)
  • Encrypted model fields for sensitive data (API keys, tokens)
  • Secure session cookies with HttpOnly flag

Security Headers

X-Content-Type-Options: nosniff

X-Frame-Options: DENY

X-XSS-Protection: 1; mode=block

Referrer-Policy: strict-origin-when-cross-origin

Permissions-Policy: geolocation=(), microphone=(), camera=()

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
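
To verify that a deployment (for example a self-hosted instance behind your own reverse proxy) actually sends the headers listed above, the following added example audits a response head against them. It is not Get-Hub.io's code; the function names and the sample response are constructed for illustration.

```python
# Added example; EXPECTED copies the header values listed on this page.
EXPECTED = {
    "x-content-type-options": "nosniff",
    "x-frame-options": "DENY",
    "x-xss-protection": "1; mode=block",
    "referrer-policy": "strict-origin-when-cross-origin",
    "permissions-policy": "geolocation=(), microphone=(), camera=()",
}
HSTS_MIN_AGE = 31536000  # one year, as stated on the page

# Constructed sample response head (not captured from any real site).
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=(), microphone=(), camera=()
Strict-Transport-Security: max-age=15768000; includeSubDomains
"""

def parse_headers(raw):
    # Skip the status line; header names are case-insensitive, so lowercase them.
    pairs = (line.partition(":") for line in raw.splitlines()[1:] if ":" in line)
    return {name.strip().lower(): value.strip() for name, _, value in pairs}

def check_hsts(value):
    # Split "max-age=N; includeSubDomains; preload" into lowercase directives.
    parts = (p.strip().partition("=") for p in value.split(";") if p.strip())
    directives = {key.lower(): val.strip('"') for key, _, val in parts}
    problems = []
    age = directives.get("max-age", "")
    if not age.isdigit() or int(age) < HSTS_MIN_AGE:
        problems.append("max-age below one year")
    problems += ["missing " + d for d in ("includesubdomains", "preload")
                 if d not in directives]
    return problems

def audit(raw):
    headers, findings = parse_headers(raw), {}
    for name, want in EXPECTED.items():
        got = headers.get(name)
        if got is None:
            findings[name] = "missing"
        elif "".join(got.lower().split()) != "".join(want.lower().split()):
            findings[name] = "unexpected value: " + got
    hsts = headers.get("strict-transport-security")
    problems = ["missing"] if hsts is None else check_hsts(hsts)
    if problems:
        findings["strict-transport-security"] = "; ".join(problems)
    return findings
```

Calling audit(SAMPLE_RESPONSE) returns one finding per deviating header; an empty result means the response matches the list above.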

Access Control

  • Role-based workspace access (Owner, Admin, Member, Viewer)
  • OAuth2 authentication (GitHub, Google)
  • API token authentication with scoped permissions
  • Rate limiting on API and authentication endpoints

Report a Vulnerability

Found a security vulnerability? We take security seriously and appreciate responsible disclosure.

security@get-hub.io