Security
Security and trust
Your clients' data and your agency's reputation are protected by industry-leading security practices.
Encryption at Rest & Transit
All data is encrypted using AES-256 at rest and TLS 1.3 in transit. Your data is protected at every stage.
SOC 2 Compliance
Our infrastructure providers maintain SOC 2 compliance. Contact us for specific documentation.
GDPR Compliant
Full GDPR compliance for European agencies and clients. Data processing agreements available on request.
Two-Factor Authentication
Protect your account with 2FA using authenticator apps. Optional enforcement for all team members.
Daily Backups
Automated daily backups with 30-day retention. Point-in-time recovery available.
High Availability
We monitor platform health continuously and maintain redundancy across availability zones.
Infrastructure Security
Hosting
EmbedMyReviews runs on enterprise-grade cloud infrastructure with redundancy across multiple availability zones. Our primary platform data centres are in Germany, European Union—so EU clients and agencies serving European businesses get clear EU-based hosting and predictable data residency. Facilities meet strict physical and operational security standards; our infrastructure providers maintain SOC 2 compliance.
Network Security
DDoS protection, Web Application Firewall (WAF), and intrusion detection systems protect our infrastructure 24/7. All network traffic is monitored and logged.
Access Controls
Role-based access control (RBAC) ensures team members only access what they need. All access is logged and auditable. Admin actions require multi-factor authentication.
Vulnerability Management
Regular security audits and penetration testing. Dependencies are monitored for vulnerabilities and patched promptly. Responsible disclosure inquiries can be directed to [email protected].
Security Questions?
Our security team is available to answer questions and provide documentation for enterprise security reviews.
Contact Security Team See whether EMR fits the way
your agency actually runs.
Try the real workflows, brand the platform, and decide with your own eyes whether it belongs in your stack.