Architecture

Security &
Governance.

GDPR compliance by architecture. EU-native data residency. Immutable audit trails. Role-based access control. CompetenceFlow turns regulatory compliance from a manual burden into a structural advantage.

Request Demo Platform Overview arrow_forward

Infrastructure

100% EU

Audit Logs

Immutable

Uptime SLA

99.9%

arrow_downward Jump to Security & Compliance Pack

Governance

Security Posture

Secure
cloud

EU Hosting

100%
shield

GDPR

Architectural
history

Audit Trails

Immutable
admin_panel_settings

RBAC

Enforced

Security that is structural, not bolted on

Security, sovereignty, and compliance are built into the data model — not configured after deployment.

lock

EU-Native Hosting

100% EU-hosted. Data never leaves European jurisdiction. Immune to the U.S. CLOUD Act.

shield

GDPR by Architecture

Consent, data minimization, and right-to-erasure built into the data model. Not a toggle — a structural guarantee.

history

Immutable Audit Trails

Every action is recorded in a tamper-proof log. Full provenance for regulatory review.

Governance capabilities

admin_panel_settings

Role-Based Access Control

Granular permissions by organisation, department, and role. SSO, BankID, and regional e-ID included.

verified

Audit-Ready Workflows

Pre-built templates and evidence trails for Qualiopi, AZAV, and other national quality frameworks.

api

Open APIs

Full REST/GraphQL access. JSON-native. Connect to LMS, CRM, and accounting systems with no lock-in.

encrypted

Data Encryption

Encryption at rest and in transit. Tenant isolation. Regular pen testing. BSI C5 and SecNumCloud aligned.

Regulatory Readiness

NIS2 Network and information security for essential services
DORA Operational resilience for financial service supply chains
EU Data Act Full data portability, no lock-in, transition assistance
handshake

EU Data Act Compliant — Zero Lock-In Guarantee

We keep customers by delivering value, not by trapping them. Fully EU Data Act compliant — and we go beyond what the regulation requires.

  • check_circle No lock-in. Leave any time.
  • check_circle Full data export in portable formats.
  • check_circle Active transition help — even to a competitor.
Procurement Ready

Security & Compliance Pack

Controls, privacy posture, and operational assurances — ready for procurement.

verified_user

Certifications & Controls

  • ISO/IEC 27001 certified
  • Covers infrastructure, development, and operations
  • Statement of Applicability available under NDA
  • Annual third-party audits
policy

GDPR & Data Protection

  • We process; you control
  • DPA included with all contracts
  • Subprocessor changes notified in advance
  • Access, rectification, portability, erasure
  • DPIA support on request
cloud_done

Hosting & Data Residency

  • All data in EU/EEA data centres
  • No transfers outside EU/EEA
  • Contractual residency guarantees
  • Isolated from non-EU legal frameworks
admin_panel_settings

Access Control & Auditability

  • RBAC by organisation, department, role
  • Least privilege by default
  • Logs: admin actions, auth events, permission and data changes
  • Exportable in standard formats
security

Security Operations

  • Documented incident response
  • Vulnerability management
  • Secure SDLC with code review and dependency scanning
  • Security training for all production staff
backup

Reliability & Continuity

  • Automated backups with point-in-time restore
  • Tested disaster recovery
  • 99.9% uptime SLA (plan-dependent)
  • Annual continuity plan review
gavel

Legal & Commercial

DPA with all contracts
Security questionnaire support
Custom enterprise terms on request
References available under NDA

Procurement FAQ

Common questions from security, legal, and procurement teams.

A platform your security
team can endorse.

See how CompetenceFlow meets European security, sovereignty, and governance requirements.

Request Demo