SECURITY

Your data, handled like infrastructure.

EU-hosted scheduling with a documented subprocessor list, single-tenant Postgres, and TLS end-to-end. The boring stuff, done right.

EU - Germany

Hetzner Cloud hosting with single-tenant Postgres.

GDPR-aligned

Documented subprocessors, DPA available on request.

TLS end-to-end

Encrypted in transit between browser, app, and integrations.

Responsible disclosure

A direct channel for reporting vulnerabilities.

PILLARS

How we keep your data safe.

Data handling

We store only what scheduling needs: contact details, appointment data, and the calendar availability required to route bookings.

  • Client names and emails
  • Appointment dates and times
  • Calendar availability
  • Payment information
  • Account credentials

We never sell your data or use it to train models.

Authentication and sessions

Accounts are protected with hashed passwords, signed sessions, and standard safeguards against common web attacks.

  • Hashed password storage
  • Secure session management
  • HTTP-only cookies
  • CSRF protection
  • Rate limiting

Sessions expire automatically and can be revoked at any time.

Encryption

Traffic is encrypted in transit with TLS, and data is encrypted at rest by our EU hosting provider.

  • TLS / HTTPS in transit
  • Encryption at rest
  • Encrypted keys and tokens
  • Card data handled by Stripe

We never store raw card numbers. Payments go straight to Stripe.

Infrastructure

Ordinus runs on EU cloud infrastructure with daily backups, monitoring, and regular security updates.

  • Daily backups
  • Uptime monitoring
  • EU cloud hosting
  • Monitoring and alerting
  • Regular security updates

Backups are encrypted and kept in the EU.

GDPR

Ordinus is built for GDPR. You can access, export, and delete your data, and we document how every subprocessor handles it.

  • GDPR-compliant processing
  • Right to access
  • Right to deletion
  • Data portability
  • Clear policies

Read the privacy policy

Report a vulnerability

Found a security issue? We want to hear about it, and we take responsible disclosure seriously.

Email us at security@ordinus.io

We aim to acknowledge reports within 48 hours.

COMPLIANCE

Subprocessors and policies.

We work with a small set of vetted vendors. All data stays in the EU unless explicitly noted.

Hetzner Cloud

Application hosting · self-managed Postgres

EU · Germany

Resend

Transactional email delivery

EU

Stripe

Payment processing (PCI DSS Level 1)

EU / US

Umami Analytics

Product analytics · self-hosted, cookieless

EU
