Security and Trust

At eFirma we store data that is central to running your business - invoices, reports, and supporting documents. This page describes where that data lives, how we protect it, and how we comply with GDPR.

Hosting and data location

  • The application and database (PostgreSQL) run in an Amazon Web Services (AWS) data centre in Frankfurt, Germany.
  • File attachments - invoices, scans, and other documents - are stored on Amazon S3 in the same region (eu-central-1).
  • All data stays within the European Union.

Encryption

  • In transit: All communication between your browser and our servers is protected with HTTPS/TLS.
  • At rest: Both the database and file storage are encrypted with AES-256.

Access control

  • Each user can access only the companies they have been added to.
  • Within each company, we enforce a role-based access model.
  • Sessions are short-lived and refreshed while the user is active.
  • Passwords are stored as cryptographic hashes, never in plain text.

GDPR

eFirma Ltd (UIC: 207862678) processes your personal data in accordance with the EU General Data Protection Regulation (GDPR). Our Privacy Policy covers in detail what data we collect, how we use it, and what rights you have.

Backups

The database is backed up on a regular schedule. Backups are kept in the AWS Frankfurt region.

Security or compliance questions

Have a question that is not covered here - for example, for a vendor assessment or an internal security questionnaire? Get in touch via our contact page and we will get back to you.