Security & certificates
Concrete things we do to keep your data safe — not slogans, mechanisms.
Transport security (TLS)
- HTTPS-only. Every Buronia subdomain (buronia.com, germany.buronia.com, spain.buronia.com, finland.buronia.com, lithuania.buronia.com) redirects HTTP to HTTPS. We do not accept plaintext requests.
- TLS 1.2 / 1.3. Older protocols (TLS 1.0, 1.1, all SSL versions) are rejected at the nginx layer.
- HSTS with includeSubDomains; preload tells browsers to refuse plaintext for one year.
- Certificate issued by Cloudflare, auto-rotated every 90 days. You can verify the chain at ssllabs.com.
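The three transport rules above (HTTP-to-HTTPS redirect, TLS 1.2/1.3 only, one-year HSTS with includeSubDomains and preload) map onto a short nginx server configuration. The block below is an added illustration, not Buronia's actual configuration; the certificate paths are placeholders, and it assumes the origin terminates TLS itself (with Cloudflare in front, the same settings are applied at the edge and the origin sees only Cloudflare's connections).

```nginx
# Added example, not Buronia's configuration. Certificate paths are placeholders.

# Plaintext listener: its only job is to redirect. No content is served over HTTP.
server {
    listen 80;
    listen [::]:80;
    server_name buronia.com *.buronia.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name buronia.com *.buronia.com;

    ssl_certificate     /etc/ssl/buronia/fullchain.pem;   # placeholder path
    ssl_certificate_key /etc/ssl/buronia/privkey.pem;     # placeholder path

    # Only TLS 1.2 and 1.3 are offered; SSLv3, TLS 1.0 and TLS 1.1 handshakes fail.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Let the client's (modern) cipher preference win; the protocol list already
    # excludes the weak suites that server-side ordering used to guard against.
    ssl_prefer_server_ciphers off;

    # HSTS: one year, covers every subdomain, eligible for browser preload lists.
    # "always" attaches the header on error responses too, not just 2xx/3xx.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

    location / {
        proxy_pass http://127.0.0.1:8000;   # the Flask application (assumed port)
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

Two checks worth running after applying this: `curl -I http://buronia.com/` should return a 301 with a `Location: https://` header and nothing else, and `openssl s_client -connect buronia.com:443 -tls1_1` should fail the handshake rather than connect.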
Encryption at rest
- Sensitive form fields (national ID numbers, IBANs, disability status under GDPR Art. 9) are encrypted with AES-256-GCM in the application database before they hit disk.
- Encryption keys live in the server environment, separated from the database. A database dump alone is not enough to read the sensitive columns.
- The Hetzner data-center disks are themselves encrypted at the hardware level, providing defense in depth.
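The encryption-at-rest design above has two properties worth showing in code: the key comes from the process environment rather than the database, and each ciphertext is bound to its row and column so a value cannot be copied into another record. The following is an added example using the `cryptography` package, not Buronia's code; the environment variable name `FIELD_KEY`, the 12-byte nonce prefix layout and the use of `column:record_id` as associated data are assumptions.

```python
"""Field-level AES-256-GCM encryption with the key held outside the database.

Added example, not Buronia's code. Assumptions: the key arrives hex-encoded
in the FIELD_KEY environment variable; each stored blob is nonce (12 bytes)
followed by ciphertext+tag; column name and record id are the associated data.
"""
import os
import secrets

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

KEY_ENV = "FIELD_KEY"   # hypothetical variable name
NONCE_LEN = 12          # 96-bit nonce, the standard GCM choice


def load_key() -> bytes:
    """Read the 32-byte key from the environment; refuse to run without it."""
    hexkey = os.environ.get(KEY_ENV)
    if hexkey is None:
        raise RuntimeError(f"{KEY_ENV} is not set; refusing to start")
    key = bytes.fromhex(hexkey)
    if len(key) != 32:
        raise ValueError("AES-256-GCM requires a 32-byte key")
    return key


def _aad(record_id: int, column: str) -> bytes:
    # Binding the ciphertext to its location means a dump cannot be edited to
    # move one user's IBAN into another user's row without failing the tag check.
    return f"{column}:{record_id}".encode()


def encrypt_field(key: bytes, record_id: int, column: str, plaintext: str) -> bytes:
    """Encrypt one sensitive column value; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)   # fresh per encryption, never reused with a key
    ciphertext = AESGCM(key).encrypt(nonce, plaintext.encode(), _aad(record_id, column))
    return nonce + ciphertext


def decrypt_field(key: bytes, record_id: int, column: str, blob: bytes) -> str:
    """Decrypt and authenticate; raises ValueError on tampering or a wrong row/column."""
    if len(blob) < NONCE_LEN + 16:
        raise ValueError("blob too short to contain nonce and tag")
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
    try:
        return AESGCM(key).decrypt(nonce, ciphertext, _aad(record_id, column)).decode()
    except InvalidTag as exc:
        raise ValueError("ciphertext authentication failed") from exc


if __name__ == "__main__":
    demo_key = AESGCM.generate_key(bit_length=256)   # stand-in for load_key() in a demo
    blob = encrypt_field(demo_key, 17, "iban", "DE00 0000 0000 0000 0000 00")  # constructed value
    print(decrypt_field(demo_key, 17, "iban", blob))
```

The failure path matters as much as the happy path: a blob read from row 17 and presented as row 18 fails authentication, which is what turns "a database dump alone is not enough" into an enforced property rather than a statement of intent.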
Authentication
- No passwords. Buronia uses email magic-link sign-in (single-use 6-digit code with a 30-minute expiry). No password database to leak.
- HttpOnly + Secure + SameSite=Lax cookies. Session tokens cannot be read by JavaScript or sent cross-site.
- Rate-limited. Repeated failed code attempts throttle the account.
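The three authentication bullets describe one small state machine: issue a 6-digit code, accept it once within 30 minutes, and stop honouring it after repeated wrong guesses. The code below is an added example, not Buronia's implementation; it stores only an HMAC of the code (so a database read does not expose live codes), keeps pending codes in a dictionary that stands in for a table, and implements the throttle as "burn the code after MAX_ATTEMPTS failures", which is one reasonable reading of the bullet, not a description of Buronia's actual limiter.

```python
"""Single-use sign-in codes with a 30-minute expiry and a failed-attempt limit.

Added example, not Buronia's code. The in-memory dict and the MAX_ATTEMPTS
policy are assumptions; a real deployment would persist the records and
also rate-limit code issuance per address.
"""
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 30 * 60   # 30-minute expiry, as stated on the page
MAX_ATTEMPTS = 5             # assumed: after this many failures the code is burned


class CodeStore:
    def __init__(self, server_secret: bytes, clock=time.time):
        self._secret = server_secret
        self._clock = clock            # injectable for testing expiry
        self._pending = {}             # email -> {"mac", "expires", "attempts"}

    def _mac(self, email: str, code: str) -> str:
        # Keyed hash: the table holds no value from which the code can be recovered.
        msg = f"{email}:{code}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def issue(self, email: str) -> str:
        """Create a fresh code for this address, replacing any earlier one."""
        code = f"{secrets.randbelow(10**6):06d}"   # uniform over 000000..999999
        self._pending[email] = {
            "mac": self._mac(email, code),
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        return code   # goes into the sign-in email; never written to storage in clear

    def verify(self, email: str, code: str) -> bool:
        """Return True exactly once for the right code inside its lifetime."""
        rec = self._pending.get(email)
        if rec is None:
            return False
        if self._clock() > rec["expires"]:
            del self._pending[email]           # expired: discard
            return False
        rec["attempts"] += 1
        if rec["attempts"] > MAX_ATTEMPTS:
            del self._pending[email]           # too many guesses: burn the code
            return False
        if hmac.compare_digest(rec["mac"], self._mac(email, code)):
            del self._pending[email]           # single use: consume on success
            return True
        return False
```

With a 6-digit code and five permitted guesses, an attacker who intercepts nothing has at most a 5 in 1,000,000 chance per issued code, and every issue is itself visible in the mail log; that is the arithmetic behind "no password database to leak" still being safe against online guessing.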
Access control
- Drafts and uploaded documents are scoped to the user_id of the authenticated session. The dashboard cannot list another user's drafts even if a draft_id is guessed.
- Production servers are reachable only via SSH key; no password authentication. SSH keys are rotated quarterly.
- Database access requires a privileged Unix user; the Flask application runs as a separate, unprivileged user.
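The first access-control bullet is the defence against insecure direct object references: ownership is part of the query itself, so a guessed draft_id without the matching user_id returns nothing. The following is an added example, not Buronia's code; it uses an in-memory SQLite table as a stand-in for the application database and shows the unscoped lookup next to the scoped one so the difference is concrete.

```python
"""Scoping draft reads to the authenticated user inside the query.

Added example, not Buronia's code. The schema and the in-memory SQLite
database are constructed stand-ins for the real application tables.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a tiny drafts table with one draft per user (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE drafts ("
        " draft_id INTEGER PRIMARY KEY,"
        " user_id  INTEGER NOT NULL,"
        " body     TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO drafts (draft_id, user_id, body) VALUES (?, ?, ?)",
        [(1, 100, "draft owned by user 100"), (2, 200, "draft owned by user 200")],
    )
    return conn


def get_draft_unscoped(conn: sqlite3.Connection, draft_id: int):
    """The mistake: any caller who knows (or guesses) an id reads the draft."""
    row = conn.execute("SELECT body FROM drafts WHERE draft_id = ?", (draft_id,)).fetchone()
    return row[0] if row else None


def get_draft(conn: sqlite3.Connection, session_user_id: int, draft_id: int):
    """Scoped read: the session's user_id is an AND-condition, not a post-check.

    Returns None both for a missing draft and for someone else's draft, so the
    HTTP layer can answer 404 in both cases without confirming that the id exists.
    """
    row = conn.execute(
        "SELECT body FROM drafts WHERE draft_id = ? AND user_id = ?",
        (draft_id, session_user_id),
    ).fetchone()
    return row[0] if row else None


def list_drafts(conn: sqlite3.Connection, session_user_id: int) -> list:
    """Dashboard listing: filtered by the session's user_id, never by a client parameter."""
    rows = conn.execute(
        "SELECT draft_id FROM drafts WHERE user_id = ? ORDER BY draft_id",
        (session_user_id,),
    )
    return [r[0] for r in rows]
```

The pattern generalises to uploads and any other per-user row: the identifier that scopes the query comes from the server-side session, and the only thing the client supplies is the object id.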
Sub-processors
Where we hand off data to a third party, we use only providers under GDPR Standard Contractual Clauses or in adequacy-decision countries. Current sub-processors:
| Provider | Purpose | Region |
|---|---|---|
| Anthropic (Claude) | Buronia drafting of your benefit application | USA — under DPA with SCCs |
| Stripe | Payment processing for the €19 unlock | EU + USA — under DPA with SCCs |
| Resend | Sign-in emails (no marketing) | EU — domain verified for buronia.com |
| Hetzner | Server hosting | EU (Germany, Finland) |
| Cloudflare | DNS, TLS termination, DDoS protection | Global — under SCCs |
Backups & data retention
- Application data (drafts, uploads) is auto-deleted 30 days after last activity.
- Encrypted offsite backups are retained for 14 days, then permanently destroyed.
- You can request immediate deletion at any time (dpo@buronia.com).
Reporting a vulnerability
Found something? Email security@buronia.com. We aim to acknowledge within 48 hours. We will not pursue legal action against good-faith security researchers who follow responsible-disclosure norms.
Country-specific compliance
Germany (BDSG) · Spain (LOPDGDD) · Finland (Tietosuojalaki) · Lithuania (ADTAĮ).