Security & Compliance
Hubrix is built for European enterprises with security and GDPR compliance as foundational requirements — not afterthoughts.
Download Security Documents
| Document | Description | Download |
|---|---|---|
| Security Whitepaper v1.0 | Full security architecture, encryption, GDPR, sub-processors | Download PDF |
| Data Processing Agreement (DPA) | GDPR Art. 28 compliant DPA template, ready to sign | Download PDF |
Key Security Facts
| Area | Details |
|---|---|
| Hosting | Hetzner Cloud, Helsinki, Finland (EU/EEA) |
| Encryption in transit | TLS 1.3 on all endpoints |
| Encryption at rest | AES-256 (Hetzner infrastructure) |
| GDPR compliance | Art. 15, 17, 20, 25, 32 implemented |
| Authentication | Google SSO, Microsoft Entra SSO, TOTP 2FA |
| Audit logging | All user actions logged |
| Backups | Daily automated, off-site copy |
| Infrastructure cert | Hetzner: ISO 27001, ISO 27017, ISO 27018 |
GDPR Compliance
As a Dutch company, Oceanic Consulting VOF operates under EU jurisdiction and is directly subject to GDPR. We implement:
- Right to Access (Art. 15) — Data export from user settings
- Right to Erasure (Art. 17) — Account deletion with full data purge
- Right to Portability (Art. 20) — JSON/CSV export
- Privacy by Design (Art. 25) — Built-in, not bolted-on
- Data Security (Art. 32) — Technical and organisational measures
Request a Signed DPA
Enterprise customers can request a signed Data Processing Agreement:
Email: dev@oceanicco.nl
Subject: DPA Request — [Your Company Name]
Response time: Within 2 business days
Sub-processors
Key sub-processors: Hetzner (hosting, EU), Cloudflare (CDN/WAF), Stripe (payments), Resend (email). Full list in the Security Whitepaper.
Security Controls
Invite-only sign-up — Hubrix does not allow self-registration. Every user must be invited by a workspace admin.
Role-based access — workspace members are either Members or Admins. Admins manage users, billing, and connectors.
Multi-factor authentication — TOTP 2FA available for all accounts. See MFA for setup.
SSO — Google and Microsoft Entra SSO supported. See SSO for details.
Session management — view and revoke active sessions per device. See Sessions.
GDPR rights portal — data export, account deletion, and portability built into user settings. See GDPR Rights.
Security Contact
For vulnerability reports or security questions:
dev@oceanicco.nl
Organisation-wide security policy enforcement (mandatory MFA, SSO-only login) is available on Enterprise plans. Contact dev@oceanicco.nl for details.