Security & Privacy

Trust & Security

Your supply chain data is sensitive. Plotwiser protects it with EU-hosted infrastructure, strict access controls, and transparent data practices.

EU-Hosted Infrastructure

  • All data stored and processed in EU data centers (Germany)
  • PostgreSQL with PostGIS for geospatial data — no shared tenancy
  • No data leaves the EU — processing, storage, and application logic all within EU jurisdiction
  • TLS 1.3 encryption for all data in transit

Data Protection

  • Passwords hashed with bcrypt — never stored in plaintext
  • JWT-based session authentication with short-lived tokens
  • Database credentials and API keys stored as environment variables, never in code
  • Firewall rules restrict all inbound traffic to application ports only
  • Database is internal-only — not accessible from the internet

GDPR Compliance

  • Data export available: download all suppliers, plots, assessments, and reports as JSON
  • Account deletion requests processed within 30 days per GDPR Article 17 (Right to Erasure)
  • Minimal data collection — only what is necessary for EUDR compliance
  • No third-party analytics trackers on the dashboard
  • Data Processing Agreement (DPA) available upon request

Satellite Data & Third-Party Services

  • Deforestation assessments use high-resolution multispectral satellite imagery from the EU Earth observation programme
  • Vegetation change detection methodology is documented and reproducible
  • Baseline period: June-August 2020 (before the EUDR cutoff of December 31, 2020)
  • High-resolution multispectral satellite data
  • All satellite evidence included in PDF compliance reports for audit trail

Compliance & Audit Trail

  • Complete audit log of all actions: login, data creation, assessment triggers, report generation
  • 5-year record retention as required by EUDR Article 12
  • PDF reports include methodology, legal framework references (Articles 2, 3, 8), and disclaimers
  • Due Diligence Statement preparation follows the TRACES NT submission format

Payment Security

  • Payments processed by Stripe — PCI DSS Level 1 certified
  • No credit card numbers stored on our servers
  • Subscription management via Stripe's secure customer portal

Security Contact

Found a security vulnerability? Have questions about our data practices? Contact us at security@plotwiser.com

Questions about security?

We are happy to walk you through our security architecture and data handling practices.

Reach out to discuss DPAs, infrastructure details, or any compliance-related questions.