Security
Overview of technical and organizational measures used to protect data and systems.
- Last updated: 2026-04-22
1. Security principles
We apply appropriate technical and organizational safeguards to protect data confidentiality, integrity, and availability.
Controls are designed and reviewed based on risk and proportionality.
2. Security controls (summary)
Our security model includes access controls, logging, monitoring, secure configuration, and regular system updates.
- Role-based access controls and permission boundaries
- Encrypted data transmission over HTTPS/TLS
- Technical safeguards at application and infrastructure layers
- Logging and review of security-relevant events
3. Service providers and accountability
We rely on selected technical providers for operations and service delivery, as listed in the privacy notice (including Vercel, consent.io/c15t, Fillout, and Microsoft).
Data protection roles, legal bases, and recipient details are governed by the privacy notice.
4. Incident handling
For security events, internal procedures are used for detection, assessment, containment, and follow-up.
For incidents involving personal data, assessment and notification procedures are applied in line with Art. 33 and 34 GDPR.
5. Security reporting contact
Security-related reports can be sent to info@thermobee.de.
Data subject rights and privacy requests are handled through the same contact channel according to the timelines described in the privacy notice.
6. Scope and updates
This page provides a general security overview. Binding details on personal data processing, recipients, legal bases, and data subject rights are described in the privacy notice.
We update this information when technical, organizational, or legal requirements change.