Security & Quality Management

The Tirugo customer portal and infrastructure meet the security requirements of industrial B2B customers. This page documents our technical and organisational measures – transparent and verifiable.

At a glance: Swiss nDSG 2023 compliant, TLS 1.3, AES-256, Argon2id, 2FA mandatory, OWASP ASVS Level 2, audit log 7 years, ISO 27001 ready.

Your data stays in Europe

We operate infrastructure exclusively in the EU and Switzerland. No US cloud hosting, no data transfers to unsafe third countries.

  • Primary server location: Hetzner Online GmbH, Falkenstein and Nuremberg (Germany). ISO 27001 certified, GDPR compliant.
  • Email delivery (transactional): Resend, Inc. – EU region, Ireland. SPF, DKIM, and DMARC active on tirugo.ch.
  • Backup location: Encrypted offsite backups at a Swiss provider (details available on audit request).
  • No third-country transfers except for Cloudflare Turnstile (bot protection, no personal data transferred – only challenge tokens).
  • Swiss nDSG 2023 compliant. GDPR compliant for customers in the EU/EEA.

Defense in Depth

Multi-layer security – each layer protects independently, even when other layers fail.

01. Transport encryption

TLS 1.3 with TLS 1.2 fallback. Perfect Forward Secrecy. HSTS with preload submission. No outdated ciphers, no SSLv3/TLSv1.0/1.1. CAA DNS records restrict certificate issuance to Let's Encrypt.

02. Password security

Argon2id with 64 MB memory cost, 3 iterations, 4 threads – the OWASP-recommended password hashing algorithm. Passwords are never stored in plaintext. On registration: breach check against HaveIBeenPwned via k-anonymity (the password itself is never transmitted).

03. Two-factor authentication

Mandatory for all portal accounts. Time-based one-time passwords (TOTP per RFC 6238) – compatible with Google Authenticator, Microsoft Authenticator, Authy, 1Password, Bitwarden. Passkeys/WebAuthn as an alternative in preparation.

04. Session management

Opaque session tokens (stored server-side). HttpOnly, Secure, SameSite=Strict. Automatic logout after inactivity (15 min admin, 30 min customer, 12 h technician). Active sessions visible in the user profile, remote logout supported.

05. Encryption at rest

LUKS full-disk encryption (AES-256) on the Hetzner server. Documents additionally encrypted at the object store level (SSE-S3). Database backups encrypted with a separate key.

06. Authorisation

Row-level security at the PostgreSQL level – the database kernel filters access per role (customer, technician, admin). Additional application-layer checks (defense in depth). All IDs are UUID v7 – no enumeration attack possible.

07. Security headers & CSP

Content Security Policy Level 3, Strict-Transport-Security with preload, restrictive Permissions-Policy, all OWASP secure headers active. Rating: securityheaders.com A+.

08. Rate limiting & bot protection

Multi-layer rate limits: per endpoint, per IP, per account. Cloudflare Turnstile against advanced bots. CrowdSec for collaborative threat detection. Account lockout after 5 failed attempts with exponential backoff.

09. Input validation

Strict Pydantic schemas, no extra fields allowed. Parameterised SQL queries (asyncpg). Output encoding via Jinja2 auto-escape. File uploads: magic-bytes check instead of extension check, re-encoding via Pillow (EXIF strip), PDF sanitising via qpdf.

Monitoring, logging, recovery

Security does not end with implementation. Continuous observation, logging, and recovery capability are essential.

Continuous monitoring

Centralised logs via Loki and Grafana. Alerts on: failed logins (5+ in 5 min), unusual download volumes, new processes running as the service user, configuration changes to PostgreSQL or nginx. External uptime monitoring.
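The failed-login rule above, implemented as an added example that is not Tirugo's own alerting, over constructed log lines in a made-up key=value format. It goes slightly beyond the text by also keying on the source IP, so that a spray of single failures across many accounts is caught as well.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log lines (not Tirugo's real format): one burst against one
# account, one successful login, and one IP failing once per account.
SAMPLE_LOG = """\
2025-03-01T08:00:00+00:00 auth result=fail user=anna ip=203.0.113.7
2025-03-01T08:00:40+00:00 auth result=fail user=anna ip=203.0.113.7
2025-03-01T08:01:10+00:00 auth result=fail user=anna ip=203.0.113.7
2025-03-01T08:02:00+00:00 auth result=ok user=bob ip=198.51.100.5
2025-03-01T08:03:30+00:00 auth result=fail user=anna ip=203.0.113.7
2025-03-01T08:04:50+00:00 auth result=fail user=anna ip=203.0.113.7
2025-03-01T08:20:00+00:00 auth result=fail user=carl ip=198.51.100.9
2025-03-01T08:21:00+00:00 auth result=fail user=dora ip=198.51.100.9
2025-03-01T08:22:00+00:00 auth result=fail user=erik ip=198.51.100.9
2025-03-01T08:23:00+00:00 auth result=fail user=fred ip=198.51.100.9
2025-03-01T08:24:00+00:00 auth result=fail user=gina ip=198.51.100.9
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) auth result=(?P<result>\w+) user=(?P<user>\S+) ip=(?P<ip>\S+)$")

def failed_login_alerts(lines, threshold=5, window=timedelta(minutes=5)):
    """Sliding-window rule: alert when one account or one source IP produces
    `threshold` or more failed logins within `window`. Returns a list of
    (key_type, key, timestamp) tuples, one per burst."""
    recent = defaultdict(deque)   # key -> timestamps of recent failures
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["result"] != "fail":
            continue
        ts = datetime.fromisoformat(m["ts"])
        for key in (("user", m["user"]), ("ip", m["ip"])):
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                alerts.append((key[0], key[1], ts.isoformat()))
                q.clear()   # one alert per burst, not one per extra failure
    return alerts
```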

Immutable audit log

Every write action and document access is logged with: user ID, action, entity, timestamp, IP hash, user-agent hash, request ID. The log table is append-only (a database trigger prevents UPDATE/DELETE). In addition, the log forms a hash chain: each event contains the SHA-256 hash of the previous one. The log is GPG-signed daily and archived offsite. Retention: 7 years per Swiss Code of Obligations.
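The hash-chained audit log described above, as an added example that is not Tirugo's code: the field names follow the text, the pepper and the sample events are constructed, and keying the IP and user-agent hashes is an added caveat rather than something the page states.

```python
import hashlib
import hmac
import json
from typing import Optional

GENESIS_HASH = "0" * 64   # prev_hash of the first event in the chain
# Constructed pepper: an unkeyed SHA-256 of an IPv4 address is reversible by
# trying all 2^32 addresses, so IP and user-agent hashes are keyed instead.
PEPPER = b"constructed-example-pepper-not-a-real-secret"

def keyed_hash(value: str) -> str:
    return hmac.new(PEPPER, value.encode("utf-8"), "sha256").hexdigest()

def canonical(event: dict) -> bytes:
    """Deterministic serialisation so every verifier hashes identical bytes."""
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode()

def append_event(log: list, user_id: str, action: str, entity: str, ts: str,
                 ip: str, user_agent: str, request_id: str) -> dict:
    """Append one event; its hash covers all fields plus the previous hash."""
    event = {"user_id": user_id, "action": action, "entity": entity, "ts": ts,
             "ip_hash": keyed_hash(ip), "ua_hash": keyed_hash(user_agent),
             "request_id": request_id,
             "prev_hash": log[-1]["hash"] if log else GENESIS_HASH}
    event["hash"] = hashlib.sha256(canonical(event)).hexdigest()
    log.append(event)
    return event

def verify_chain(log: list) -> Optional[int]:
    """Index of the first event that fails verification, or None if intact.
    Edits, deletions and reordering break the chain; silently dropping the
    newest events does not, which is why the chain head is GPG-signed daily."""
    expected_prev = GENESIS_HASH
    for i, event in enumerate(log):
        body = {k: v for k, v in event.items() if k != "hash"}
        if (event["prev_hash"] != expected_prev
                or hashlib.sha256(canonical(body)).hexdigest() != event["hash"]):
            return i
        expected_prev = event["hash"]
    return None

def demo_tamper() -> tuple:
    log: list = []   # three constructed events, then two tampered copies
    for n, action in enumerate(["login", "document.view", "document.upload"]):
        append_event(log, "user-1", action, f"doc-{n}", f"2025-01-0{n + 1}T10:00:00Z",
                     "203.0.113.7", "Mozilla/5.0", f"req-{n}")
    edited = json.loads(json.dumps(log))
    edited[1]["action"] = "login"   # rewrite history: hash mismatch at index 1
    deleted = [log[0], log[2]]      # drop the middle event: prev_hash gap at 1
    return verify_chain(log), verify_chain(edited), verify_chain(deleted)
```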

Backup strategy (3-2-1)

Three copies of the data, on two different media, one of them offsite in Switzerland. Daily incremental PostgreSQL backups (WAL-E). Weekly full MinIO snapshots of documents. Monthly automated restore test. RPO 24 hours, RTO 4 hours.

Intrusion detection

CrowdSec on the host – open-source successor to Fail2ban with collaborative threat intelligence. Automatic blocking of known attacker IPs.

Patch management

Automated security updates (unattended-upgrades) for OS and critical packages. Dependency scanning in CI (pip-audit, Safety). Monthly manual dependency review.

Admin access

Only via WireGuard VPN on a separate management interface. No public SSH. SSH keys instead of passwords, no root login. Every administrative access is logged.

Processes and standards

Development

Code reviews mandatory (four-eyes principle). Static analysis in CI: Bandit, Semgrep with OWASP rules, Ruff. Automated tests before every deployment. Staging environment identical to production. Documented release process with rollback plan. Branch protection: signed commits, mandatory reviews on main.

Security audits

Internal pen-tests before every major release (OWASP ZAP, Burp Suite Community). Annual external pen-test by a Swiss firm. Responsible Disclosure Policy published at /security-policy.html.

Incident response

Documented incident response playbook. Data breach notification: reporting to FDPIC within 72 hours for notifiable incidents. Customer notification for relevant security incidents without delay. Post-mortem and lessons learned after every incident.

Certification path

Current: OWASP ASVS Level 2 compliant (self-assessment).
In preparation: ISO 27001 certification (submission planned).
Evaluation: SOC 2 Type II reporting.

For your compliance team

We support your IT audits and procurement processes with prepared documentation and direct communication.

Available on request:

  • Tirugo Security Whitepaper – technical documentation of the security architecture (PDF, under NDA)
  • Record of Processing Activities (ROPA) – pursuant to nDSG
  • Data Processing Agreement (DPA) – template between Tirugo and your company
  • SOC 2 report – in evaluation

Detailed security documentation for your IT team

Email: security@tirugo.ch

Our commitments

The Tirugo security seals visualise concrete technical and organisational measures. They are not external certificates but self-commitments to verifiable standards.

nDSG compliant

Swiss Data Protection Act 2023. Verifiable via Privacy Policy + ROPA.

TLS 1.3

Current transport encryption. Verifiable via ssllabs.com.

AES-256

Stored encrypted. Verifiable via pen-test, internal documentation.

Argon2id

OWASP-compliant password hashing. Verifiable via pen-test + code review.

2FA mandatory

Second factor required. Verifiable via demo login + policy.

OWASP ASVS L2

Application Security Verification Standard Level 2. Self-assessment, external audit optional.

Audit log 7 yr

Immutable log with hash chain. Verifiable via demo + code review.

ISO 27001 READY

In preparation. Processes follow ISO 27001 requirements; formal certification planned.

Important note: The ISO 27001 seal is explicitly marked "READY / IN PREPARATION". Tirugo is currently not ISO 27001 certified. Formal certification is being prepared.

Security questions? We answer.

IT audits & enterprise enquiries

Book a meeting with the Tirugo security lead: email security@tirugo.ch.

Transparency report

We communicate openly about security matters. This list is updated quarterly.

Notifiable data breaches since portal launch: 0
Last external pen-test: Portal not yet public – pen-test planned after go-live
Open security advisories: 0
Last audit log integrity check: Portal not yet live; hash-chain verification from go-live
Website uptime last 12 months: Real values from Trust Center launch – measured via external monitoring

We communicate security incidents openly, even when they concern us. This transparency is part of our quality promise.