
Stackgini Compliance Overview

Stackgini is committed to operating a secure, privacy-respecting, and accessible platform. We maintain independent certifications and undergo regular audits to demonstrate that our policies, processes, and products meet internationally recognized standards. This overview summarizes the frameworks we comply with and what each means for our customers, partners, and users.

Security

ISO/IEC 27001:2022 — STACKGINI GmbH

Certified Information Security Management

Stackgini GmbH is certified to ISO/IEC 27001:2022, the leading international standard for Information Security Management Systems (ISMS). The certification covers the design, development, operation, and support of the full Stackgini SaaS platform.

Our ISMS governs risk assessment, access control, cryptography, secure software development, supplier management, incident response, and business continuity. The certification is maintained through annual surveillance audits and a full recertification every three years.

ISO/IEC 27001:2022 — INFRASTRUCTURE

Certified Hosting Environment

The Stackgini platform runs on AWS in the eu-central-1 (Frankfurt) region, which is independently certified to ISO/IEC 27001:2022. This means the physical and virtual data centre controls — including facility security, hardware lifecycle, network segmentation, and environmental controls — are audited separately from the Stackgini application layer.

This two-layer model (certified platform on certified infrastructure) gives customers end-to-end assurance across both the software they use and the environment it runs in.

ISMS POLICY FRAMEWORK

Stackgini maintains documented ISMS policies, which can be accessed in our Trust Center here: https://app.kertos.io/trust-center/stackginigmbh

Data Protection and Privacy

DSGVO / GDPR

Attested Compliance with European Data Protection Law

Stackgini processes personal data in accordance with the EU General Data Protection Regulation (GDPR), known in German as the Datenschutz-Grundverordnung (DSGVO). Our technical and organisational measures (TOMs) under Article 32 GDPR are independently attested by heyData (https://heydata.eu/).

The Stackgini DPA is part of our General Terms and Conditions, which can be downloaded and found here: https://www.stackgini.de/legal/terms-conditions

Data Processing Agreements (DPAs) are in place with all sub-processors in line with Article 28 GDPR. 

EU Data Act

Stackgini is also compliant with the EU Data Act. To the extent that the software or the services provided under the contract constitute a data processing service within the meaning of Article 2(8) of Regulation (EU) 2023/2854 ("Data Regulation"), the provisions of the Annex on the Change of Data Processing Services in our terms and conditions apply.

DATA RESIDENCY & INFRASTRUCTURE

Hosting location

Germany and the EU only: AWS eu-central-1 (Frankfurt, Germany) and Azure EU regions. No data is transferred outside the EU/EEA without explicit GDPR-compliant safeguards.

Data sovereignty

All customer data remains within Germany / EU jurisdiction at all times.

Encryption in transit

TLS 1.2 or TLS 1.3 is required on every connection; earlier protocol versions and unencrypted channels are rejected.

Encryption at rest

AES-256 encryption is applied to all data at rest. Backup data is additionally protected with SHA-256 integrity hashing.

Multi-tenant isolation

Logical tenant separation enforced at the software layer with dedicated permission concepts and database-level access controls per tenant.

Backup & recovery

Daily automated backups stored in AWS S3 (versioning enabled). Backup data is encrypted and access is restricted to authorised personnel.

AI GOVERNANCE

EU AI ACT

Compliant — Limited / Minimal Risk Classification

Stackgini has assessed its AI-enabled features against the EU AI Act and confirms that none of them fall within the Annex III high-risk use cases. The platform is therefore classified under the Limited / Minimal Risk tier.

An internal AI Policy governs the complete AI lifecycle — from data sourcing and model selection through deployment, monitoring, and decommissioning — and defines the transparency, human oversight, and documentation requirements that apply to each feature in line with EU AI Act obligations.

AI model

Foundation AI models are sourced from Microsoft Azure services and are accessed exclusively through Microsoft's EU-hosted endpoints.

Customer data

Customer tenant data is never used to train, fine-tune, or improve foundation models without explicit customer opt-in.

Responsible AI

Stackgini follows Microsoft's Responsible AI Principles. Built-in content filters and safety mitigations are never disabled or circumvented.

Prohibited uses

No HR/personnel scoring, no credit scoring, no behavioural profiling, no biometric identification, no social scoring.

AI risk classification

Limited/Minimal Risk under EU AI Act. No Annex III high-risk use case applies.

Accessibility

WCAG 2.1

Conformant with Web Content Accessibility Guidelines

Stackgini is conformant with the Web Content Accessibility Guidelines (WCAG) 2.1 published by the W3C. Our interfaces are designed and tested to be perceivable, operable, understandable, and robust for users of assistive technologies, including screen readers and keyboard-only navigation.

Accessibility is verified through a combination of automated tooling, manual expert review, and user testing. This supports our customers in meeting their own obligations under the European Accessibility Act (EAA) and comparable national regulations.


Please visit the Stackgini Trust Center for further details: https://app.kertos.io/trust-center/stackginigmbh