Security Overview

Filoxenos implements technical and organisational measures designed to protect personal data against unauthorised access, loss, alteration and disclosure.

All data transmitted to and from the Filoxenos platform is protected using TLS/HTTPS.

Personal data stored in the database is protected through encryption at rest. Booking data is stored in encrypted form and is not directly readable in plain text from a database dump.

Filoxenos uses infrastructure located in Frankfurt, Germany (eu-central-1 / fra1) for application hosting and function execution. Database and backend infrastructure are operated in the EU region (eu-central-1). DNS and nameserver services are provided separately. Cloudflare is currently used only for DNS and nameserver services, without proxy or CDN functionality.

Access to production systems is restricted to authorised personnel only. Access to production-related data is limited to company management and developers, and only to the extent necessary for operating, maintaining and securing the service. Encrypted booking data is not directly readable in plain text.

Privileged internal accounts used to administer infrastructure and production systems are protected with multi-factor authentication.

Daily rolling backups are created through Supabase. Backup snapshots are retained for 7 days, allowing restoration from daily snapshots covering the previous 7 days.

Filoxenos maintains operational and security-related controls to support system reliability, maintenance and the identification of technical issues and potential security events.

Security incidents are assessed and handled through internal response procedures. Where required by applicable law, affected customers are informed without undue delay.

Security measures are reviewed and updated as the platform and its infrastructure evolve.