Security and access

Control Who Can
See and Change Data.

Your data stays in the EU. Access is set by role. Important changes are logged. Participant records, invoices, certificates, and renewals stay ready for review.

Book a Demo See all features arrow_forward

Infrastructure

100% EU

Audit Logs

Immutable

Uptime SLA

99.9%

arrow_downward Jump to Security & Compliance Pack

Security

Security Posture

Secure

cloud

EU Hosting

100%

shield

GDPR

Architectural

history

Audit Trails

Immutable

admin_panel_settings

RBAC

Enforced

A CompetenceFlow team member working with headphones at a desk in the Oulu office in Finland

Security built in, not bolted on

Security is built into how training records are handled.

lock

EU-Native Hosting

100% EU-hosted. Data never leaves European jurisdiction. Immune to the U.S. CLOUD Act.

shield

GDPR by Architecture

Consent, data minimisation, and the right to erasure are handled in the product, not in a separate spreadsheet.

history

Audit Trails Nobody Can Edit

Every action is logged and the log cannot be changed. A full record, ready for a review.

Who can do what

admin_panel_settings

Access by Role

Set permissions by organisation, department, and role. SSO, BankID, and regional e-ID included.

verified

Ready for Audits

Ready-made templates and evidence trails for Qualiopi, AZAV, and other national quality frameworks.

api

Open APIs

Full REST and GraphQL access, JSON-native. Connect your LMS, CRM, and accounting software with no lock-in.

encrypted

Data Encryption

Encrypted at rest and in transit. Each customer's data kept separate. Regular pen testing. BSI C5 and SecNumCloud aligned.

Ready for the rules that apply to you

NIS2 Network and information security for essential services

DORA Operational resilience for financial services supply chains

EU Data Act Take your data with you, no lock-in, help to move

handshake

EU Data Act Compliant. No Lock-In.

We keep customers by being worth it, not by trapping them. Fully EU Data Act compliant, and we go further than the rules require.

check_circle No lock-in. Leave any time.
check_circle Full data export in portable formats.
check_circle We help you move, even to a competitor.

Procurement Ready

Security & Compliance Pack

Security answers for IT, legal, and compliance review.

verified_user

Certifications & Controls

ISO/IEC 27001 certified
Covers infrastructure, development, and operations
Statement of Applicability available under NDA
Annual third-party audits

policy

GDPR & Data Protection

We process; you control
DPA included with all contracts
Subprocessor changes notified in advance
Access, rectification, portability, erasure
DPIA support on request

cloud_done

Hosting & Data Residency

All data in EU/EEA data centres
No transfers outside EU/EEA
Contractual residency guarantees
Isolated from non-EU legal frameworks

admin_panel_settings

Access Control & Auditability

RBAC by organisation, department, role
Least privilege by default
Logs: admin actions, auth events, permission and data changes
Exportable in standard formats

security

Security Operations

Documented incident response
Vulnerability management
Secure SDLC with code review and dependency scanning
Security training for all production staff

backup

Reliability & Continuity

Automated backups with point-in-time restore
Tested disaster recovery
99.9% uptime SLA (plan-dependent)
Annual continuity plan review

gavel

Legal & Commercial

DPA with all contracts

Security questionnaire support

Custom enterprise terms on request

References available under NDA

Procurement FAQ

Common questions from security, legal, and IT teams.

Core features

The training records security protects

Security needs to cover the whole training lifecycle: course setup, booking, participant data, trainer qualifications, invoices, certificates, and renewal communication.

event_available