Security and Data Protection
B2B platforms process sensitive business data: customer-specific prices, order volumes, delivery addresses and in some cases industry-specific compliance information. Protecting this data is our highest priority. The following questions explain what concrete measures we take to safeguard your platform and your customers' data.
- Where is the B2B shop data hosted? All our solutions are operated on servers in German data centers. The data centers feature redundant power supply, climate control and network connectivity. By choosing locations in Germany, all data is subject to the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). On request, we implement geo-redundant backup strategies with mirroring to a second German data center.
- What GDPR measures are implemented by default? Our B2B shops are developed to be GDPR-compliant from the ground up. This includes encrypted data transfer via TLS, cookie consent management with granular control, data subject access and deletion functions for personal data, processing records and data processing agreements. We also practice data minimization: only data that is actually required for the business purpose is collected and stored.
- How is the shop protected against attacks? We implement a multi-layered security concept: Web Application Firewall (WAF) for protection against common attack vectors, regular automated vulnerability scans, prompt installation of security updates, rate limiting against brute-force attacks and IP-based access restrictions for the admin backend. Additionally, we conduct manual security audits before go-live and at regular intervals.
- Is there a backup concept for emergencies? Yes, every platform we maintain has a multi-tier backup concept. Daily full backups of the database and file systems, hourly incremental backups and transaction logs enable restoration to virtually any point in time. Recovery is regularly tested to ensure backup functionality. Documented emergency runbooks describe the procedures in case of an incident.
- Can access rights in the shop be assigned in a differentiated manner? Yes, role-based access control is a core component of our B2B solutions. We implement differentiated authorization systems that mirror your customer's organizational structure: administrators, buyers, orderers with budget limits and read-only users. Every action is logged and can be traced for audit purposes. Integration with existing directory services such as Active Directory or LDAP is also possible.
- How is sensitive data such as prices and conditions protected? Customer-specific prices, discount conditions and contract details are only visible to the respective logged-in customer. Unauthenticated visitors or customers without appropriate authorization have no visibility into individual conditions. Data transfer between shop and ERP is encrypted, and API endpoints are secured through token-based authentication and IP whitelisting.
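The two answers above describe a customer-scoped authorization model: the four roles (administrator, buyer, orderer with budget limit, read-only), prices visible only to the logged-in customer's own account, and an audit record for every action. The following Python sketch is an added illustration of those checks and is not the vendor's code; the role names, sample prices and customer IDs are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed example: the four roles named in the FAQ and the actions each may perform.
PERMISSIONS = {
    "administrator": {"view_prices", "place_order", "manage_users"},
    "buyer": {"view_prices", "place_order"},
    "orderer": {"view_prices", "place_order"},  # additionally bound by a budget limit
    "read_only": {"view_prices"},
}

@dataclass
class User:
    name: str
    customer_id: str                      # B2B customer account the user belongs to
    role: str
    budget_limit: Optional[float] = None  # per-order limit, used for "orderer"

@dataclass
class Shop:
    # Constructed sample data: customer-specific net prices, keyed by customer account.
    prices: dict = field(default_factory=lambda: {
        "CUST-A": {"SKU-1": 80.0}, "CUST-B": {"SKU-1": 95.0}})
    audit_log: list = field(default_factory=list)  # every action, allowed or denied

    def _log(self, user, action, outcome, detail):
        self.audit_log.append((user.name if user else "anonymous", action, outcome, detail))

    def get_price(self, user, customer_id, sku):
        """Reveal a customer-specific price only to an authenticated user of that same account."""
        allowed = (user is not None and user.customer_id == customer_id
                   and "view_prices" in PERMISSIONS.get(user.role, set()))
        self._log(user, "view_price", "ok" if allowed else "denied", f"{customer_id}/{sku}")
        return self.prices[customer_id].get(sku) if allowed else None

    def place_order(self, user, sku, qty):
        """Check the role permission first, then the budget limit that applies to orderers."""
        if user is None or "place_order" not in PERMISSIONS.get(user.role, set()):
            self._log(user, "place_order", "denied", "role lacks place_order")
            return False
        total = self.prices[user.customer_id][sku] * qty
        if user.role == "orderer" and user.budget_limit is not None and total > user.budget_limit:
            self._log(user, "place_order", "denied", f"total {total} exceeds budget {user.budget_limit}")
            return False
        self._log(user, "place_order", "ok", f"{sku} x{qty} = {total}")
        return True
```

Denied attempts are logged alongside successful ones, which is what makes the audit trail useful for spotting a user probing another account's conditions.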