Safeguarding your data with industry-leading security protocols

Your data security is our top priority. We provide a secure, scalable cloud platform with robust measures to ensure your data is protected, encrypted, and secure.

We implement rigorous security measures to protect your data, ensuring trust and responsibility in every interaction.

Security by design, privacy by default

Everything we make is "privacy by design". We test our code rigorously with automatic and user testing, and employ third party testers to eliminate security holes.

Fortified data protection powered by Azure

Microsoft Azure powers our cloud platform with exceptional security and reliability. Azure's versatile platform is certified for hosting sensitive data in various countries, underscoring our commitment to safeguarding your information.

Rock-solid encryption for your peace of mind

We ensure your data is always secure with top-tier encryption. Everything is protected with HTTPS and TLS while in transit, and encrypted at rest in Azure data centers. Your information is safe, always.

Access-control for maximum security

We limit data access to authorized staff only, seek your consent before making changes, and carefully vet third-party suppliers to ensure they meet our security and privacy standards.

24/7 monitoring and automatic incident reporting

Our team vigilantly monitors your security 24/7, swiftly tackling any issues that arise. We continuously update our Data Protection Plan, ensuring we’re always ready to handle any incident with precision and expertise. Your security is our top priority.

Customer data security FAQs

Fotoware SaaS is currently available in the following Microsoft Azure Regions:
- US East
- EU West
- Germany
- Australia East
Data will not be moved outside these regions.

Note: Under the General Data Protection Regulation, the EU/EEA is defined as a single zone, which means that a data center within the EU is sufficient to meet the GDPR requirements. However, German law dictates that certain businesses must host their data in a German data center, in which case data can be stored in a German Azure data center.
Fotoware stores all data from its operational systems on Fotoware's own servers in the Azure cloud, or on Azure PaaS Services.

More information on Azure security can be found in Microsoft's Azure security documentation.

We also use several sub-processors to provide supportive services for our SaaS offering, among other things for email services and for the services used to operate our customer support center. Your rights of access, to erasure and to portability under GDPR are maintained through your contract with Fotoware.

We are also in the process of implementing a DPIA scheme (Data Protection Impact Assessment), which will be reviewed and updated regularly to keep us on top of security matters.
Fotoware SaaS runs on the Microsoft Azure cloud platform. Fotoware SaaS customers who upload data to the tenant can rest assured that the data is encrypted in transit and at rest.

If a customer wishes to assign a custom domain name to the tenant, we will assist in installing a trusted certificate on the server infrastructure for secure, encrypted client-server connections. In addition, data is encrypted on the Azure Cloud when it is committed to storage. When the data is requested it is decrypted on demand.

Additional information on encryption for data at rest can be found in the Microsoft Azure documentation.
Fotoware support personnel has access to the server infrastructure, and as such can access your data from a technical standpoint. However, Fotoware has strict routines and enforces auditing and logging of access to prevent unauthorized access. In cases where the customer has explicitly approved such access, for example in connection with a troubleshooting scenario, explicit consent will be obtained. Fotoware enforces strict access control to both its internal systems, and its customers' cloud tenants. We maintain administrative, physical and technical safeguards to protect the security, confidentiality and integrity of our customers' data. They include, but are not limited to, measures for preventing access, use, modification or disclosure of customer data except for the purpose of providing Fotoware's services and prevent or address technical problems.

The Data Discipline Declaration signed by all employees states that data must only be used for the purpose for which they were collected, and only for purposes and by users to which the customer/partner has given consent. FotoWare will ensure that access to systems that expose customer data is limited, logged and audited so we can tell who accessed the server, at what time and for what purpose. In the event of infrastructure maintenance, Fotoware will advance inform all affected Customers about the allotted service window by email.

The main takeaway is that we will always ask for consent before accessing your personal data.
We would be sorry to see you go, naturally. But we'll do our best to make your data migration as smooth as possible. We will help you move your data to a server of choice and discuss the available options for doing a one-time data migration from our cloud storage. After transferring your data, we will delete the tenant and erase all the data you had on our servers.
Yes, and we have an obligation to do so under GDPR. That said, customers can easily retrieve data in the SaaS tenant themselves by searching for, retrieving and deleting content. Typically, one would make sure data fed into the system has sufficient metadata governance to facilitate easy retrieval of the data. This is the very nature of a Digital Asset Management system such as Fotoware. By default, data can only be deleted by archive managers (members of the FotoWeb DAM Managers group). Fotoware can also assist in the retrieval of data by offering guidance on search methods, given that the metadata stored with the assets is sufficient to retrieve it. Fotoware support engineers, who will typically be involved in such an undertaking, will not access your data, modify or delete it without your explicit prior consent.

Typically, though, Fotoware will assist the customer in implementing a metadata governance scheme at the time of deployment of the service, so that customers can themselves perform data retrieval and deletion without requiring the assistance of Fotoware.
Our customers' privacy is paramount to our business. To that end, we are designing all our solutions with privacy in mind. By following the concept of Privacy by design, the impact of a potential data breach can be kept to an absolute minimum. When we design new features, the protection of data privacy is always a central part of the planning and development process.
We are continually working to hone our routines to better cope with the prospect of a data breach.

While we currently have data security assessment routines in place, we are bringing these in line with GDPR to help us stay conscious and alert to areas where we need to improve.