MSPercury
Trust page

Security & compliance — built EU-first, US-friendly

MSPercury is hosted in Germany (Hetzner Nuremberg) and operated to GDPR standards. The same stack built for German IT service providers serves US MSPs cleanly too. This page summarises what we actually do — and what we don't yet. No marketing fluff.

Data residency

All data EU-hosted

All production data lives exclusively in Hetzner Online GmbH's Nuremberg, Germany data centre — ISO 27001 certified, 24/7 physical security, no third-party staff access. No US replication, no third-country transfer of customer data.

  • GDPR-compliant operation (Art. 28).
  • Data Processing Agreement (DPA) on request — auto-generated for paid workspaces.
  • Daily off-site backups to Hetzner Storage Box, 30-day retention.

Encryption

AES-256-GCM at rest, TLS 1.3 in transit

Data at rest is encrypted with AES-256-GCM. Connections are accepted only over TLS 1.3, with HSTS (1 year). AI-integration API keys are BYO: your Anthropic, OpenAI or Ollama key is stored encrypted per workspace and never shared across tenants.

  • End-to-end TLS 1.3; legacy protocols hard-disabled.
  • bcrypt password hashing (cost factor ≥ 12).
  • AI API keys are tenant-scoped; no cross-tenant sharing.

Authentication

PIN signup, optional TOTP + passkey

The default is a low-friction PIN-only signup. A password and a TOTP second factor are optional. A magic link verifies every new device; session cookies are HttpOnly + Secure + SameSite=Lax. Hardware passkeys (WebAuthn) are supported.

  • Login rate limiting (5 attempts / 15 min / IP).
  • Magic-link verification for new devices; single-use, short-TTL token.
  • WebAuthn passkeys for phishing-resistant 2FA.

Tenant isolation

Every query org-scoped

Every database query in MSPercury carries the `organizationId` filter. No cross-tenant joins exist. The only deliberate cross-tenant surface is the partner-marketplace lookup — and it is explicitly read-only on opted-in public profile fields. Last internal audit: 2026-05-19.

  • Strictly org-scoped queries at the ORM layer (Drizzle).
  • Role model: Owner / Admin / Member.
  • Privileged-admin access is logged.

Compliance roadmap

GDPR today, SOC 2 in scope

We say openly where we stand. GDPR is shipped today: EU hosting, DPA, full data export, deletion on request. SOC 2 Type I is in scope for 2027. For US healthcare MSPs the Pro tier supports the operational controls; a Business Associate Agreement (BAA) is available on request.

  • GDPR: ✓ shipped (EU-hosted, DPA, data export, deletion).
  • SOC 2 Type I: in scope for 2027 (pre-audit phase).
  • HIPAA-aligned workflows: Pro tier; BAA available on request.

What we don't do

No third-party analytics, no pixels, no data sales

MSPercury loads no Google / Meta / LinkedIn pixels inside the product. No third-party analytics on customer data. No sale or resale to ad networks. Logs are rotated every 14 days; no employee or end-customer surveillance telemetry of any kind.

  • No advertising pixels inside the app shell.
  • GA only on the public landing page (transparent in /legal/cookies).
  • No data sales, no sharing with ad networks.

Reporting a vulnerability

If you have found a vulnerability, please write to security@mspercury.com. We typically acknowledge receipt within one business day. We ask that you allow us 90 days before publishing publicly — we'll happily coordinate a joint disclosure date.

Confidential reports can be encrypted with PGP; the public key is available on request.

Last updated: 2026-05-20. This page reflects our current operating state; roadmap items are flagged as such.