01
Encryption
TLS 1.3 in transit. Disk and backups encrypted at the infrastructure layer, in the EU. Stored AI provider keys sealed with AES-256-GCM — even we can't read them.
[SECURITY · POSTURE]
We are a small team, but we do not take shortcuts on the things that hurt people when broken. Every conversation is encrypted in transit and stored in the EU, secrets like AI keys are sealed with AES-256-GCM, privileged actions land in an audit log, and every employee with database access signed an NDA.
02
Postgres, backups and email all sit in the EU — Hetzner Falkenstein DE, Amazon SES eu-west-1. Payments run through Stripe (US) under EU Standard Contractual Clauses. CDN edges only serve the static widget bundle.
03
Every read and write is scoped to your workspace at the application layer. API keys and sessions are each bound to a single organization, so one tenant can never reach another's data.
04
90-day searchable history. Sign-ins, API keys, data exports, billing and settings changes each land a row — filterable by actor and time.
05
DPA ready to read and sign. Sub-processor list public. Data export and right-to-erasure are buttons in your dashboard, not a support ticket.
06
Rate-limited auth throttles password-guessing per IP. Optional TOTP two-factor with single-use recovery codes. Every sign-in lands in the audit log with device and IP.
[STANDARDS]
We list what we do, not what we plan to do. SOC 2 Type II and ISO 27001 are on the roadmap, not yet underway — we mark them planned until they're real. Here is what we already have, signed.
[RESPONSIBLE DISCLOSURE]
Email [email protected] with steps to reproduce. We acknowledge within 24h and fix critical issues within 7 days. Every valid report gets credit in our disclosure thanks, and a reward where the severity warrants it. We do not threaten or sue researchers acting in good faith.
PGP key available on request · scope: muro.chat