Security & compliance: Built into everything we do

• US East
• EU West
• Germany
• Australia East

Data will not be moved outside these regions.

Note: Under the General Data Protection Regulation, the EU/EEA is defined as a single zone, which means that a data center within the EU is sufficient to meet the GDPR requirements. However, German law dictates that certain businesses must host their data in a German data center, in which case data can be stored in a German Azure data center.

Our support staff technically can access customer data, but only under strict controls.

Access is limited, logged, and audited — and it only happens with your explicit consent, for example during troubleshooting.

All employees sign a Data Discipline Declaration, and we enforce strict safeguards to protect the confidentiality and integrity of your data.

Fotoware stores all data from its operational systems on Fotoware's own servers in the Azure cloud, or on Azure PaaS Services.

More information on Azure security can be found in Microsoft's Azure security documentation.

We also use several sub-processors to provide supportive services for our SaaS offering, among other things for email services and for the services used to operate our customer support center. Your rights of access, to erasure and to portability under GDPR are maintained through your contract with Fotoware.

We are also in the process of implementing a DPIA scheme (Data Protection Impact Assessment), which will be reviewed and updated regularly to keep us on top of security matters.

Fotoware SaaS runs on the Microsoft Azure cloud platform. Fotoware SaaS customers who upload data to the tenant can rest assured that the data is encrypted in transit and at rest.

If a customer wishes to assign a custom domain name to the tenant, we will assist in installing a trusted certificate on the server infrastructure for secure, encrypted client-server connections. In addition, data is encrypted on the Azure Cloud when it is committed to storage. When the data is requested it is decrypted on demand.

Additional information on encryption for data at rest can be found in the Microsoft Azure documentation.

Yes, all data that is stored on the Azure cloud is made redundant. The data that you upload to your Fotoware SaaS site is thus replicated in multiple copies to prevent data loss in the event of hardware failure.

Yes. Under GDPR, we are obligated to support deletion requests.

In most cases, customers can search for and delete content directly within their SaaS tenant, as long as metadata governance is in place.

If needed, Fotoware can provide guidance — but our engineers will never access, modify, or delete your data without your explicit consent.

We prevent breaches by building privacy into our software from the start and continuously monitoring for risks.

Privacy by design: Data privacy is a core part of our feature design and development process, our systems are monitored around the clock, and strict routines are in place to detect and respond quickly.

We regularly review and improve our processes to stay aligned with GDPR, so if a breach were ever to occur, its impact would be minimal and customers would be notified promptly.