Security & Subprocessors - FindForce.io
Security Overview
FindForce implements comprehensive security measures to protect your data throughout its lifecycle.
Infrastructure Security
- Data Centers: EU-based infrastructure (Hetzner, Germany)
- Network Protection: CloudFlare CDN and DDoS mitigation
- Encryption Standards: TLS 1.3 for data in transit, AES-256 for data at rest
- Access Controls: Role-based access with principle of least privilege
Application Security
- Encrypted password storage using industry-standard hashing
- Secure session management and authentication
- Regular security updates and patch management
- Automated backup and disaster recovery procedures
Organizational Security
- Security awareness training for all personnel
- Incident response procedures with 72-hour breach notification
- Regular security assessments and monitoring
- Vendor security evaluation for all third-party services
Subprocessor Directory
We carefully select subprocessors who meet our security and privacy standards.
Infrastructure Services
Hetzner Online GmbH
- Purpose: Primary infrastructure hosting
- Location: Germany (European Union)
- Data Processed: All application data
- Compliance: ISO 27001 certified
CloudFlare, Inc.
- Purpose: Content delivery network and security services
- Location: Global network (data processed at edge locations)
- Data Processed: Traffic routing and DDoS protection
- Compliance: SOC 2, ISO 27001
Payment Processing
Lemon Squeezy, LLC
- Purpose: Subscription management and payment processing
- Location: United States
- Data Processed: Billing information and payment details
- Compliance: PCI DSS Level 1
Mailing Services
Maileroo
- Purpose: Transactional email delivery
- Location: European Union
- Data Processed: Email communications
- Compliance: GDPR compliant
Analytics
PostHog, Inc.
- Purpose: Website analytics and extension telemetry
- Location: European Union
- Data Processed: Website visitor behavior, extension usage patterns, feature interactions, error logs
- Compliance: SOC 2 Type 2, GDPR compliant, ISO 27001
- Website Analytics: Consent-based via cookie banner
- Extension Telemetry: Opt-out available in extension settings
- Data Retention: 7 years (configurable, we use shorter periods)
Development Tools
GitHub, Inc.
- Purpose: Source code repository
- Location: United States
- Data Processed: No customer data (code only)
- Compliance: SOC 2 Type 2
Compliance Standards
- GDPR Compliance: Full compliance with EU data protection regulations
- Data Residency: Primary data processing within the European Union
- Data Transfer Safeguards: Standard Contractual Clauses for international transfers
- Incident Response: 72-hour breach notification commitment
Analytics Data Protection
- Data Minimization: Only essential metrics collected
- IP Anonymization: IP addresses truncated for privacy
- No Cross-Site Tracking: Analytics limited to our domain
- Consent Management: Granular consent for website analytics
- Opt-out Mechanisms: Easy withdrawal of consent
- Data Retention: Limited to operational necessity
Subprocessor Updates
Material changes to our subprocessor list will be communicated via email to all active customers with reasonable advance notice.
Contact Information
General Support
support@findforce.ioPrivacy Inquiries
privacy@findforce.ioLegal Matters
legal@findforce.ioDeveloper Friendly OĆ
Registry Number: 16511866
Address: Harju maakond, Tallinn, Kesklinna linnaosa, Kiriku tn 6, 10130
Country: Estonia šŖšŖ
NOTE: This document is regularly reviewed and updated to reflect our current practices.