Is cashwerk GDPR compliant?

Yes. cashwerk was built GDPR-compliant from the ground up. All data is processed on servers in Frankfurt am Main. We offer tenant isolation, audit trail, and privacy settings; data subject rights are handled on request in line with the GDPR.

Where is my data stored?

All data is exclusively processed and stored on Google Cloud Platform servers in Frankfurt am Main (EU region europe-west3). No data transfer to third countries takes place.

What about the US CLOUD Act?

cashwerk stores and processes all data exclusively in the EU (Frankfurt) and is fully GDPR-compliant. Our cloud infrastructure runs on an established provider; any third-country access is governed by data processing agreements and EU Standard Contractual Clauses. We don't claim blanket immunity from the US CLOUD Act – what matters is EU data residency, encryption and GDPR compliance.

How is my data encrypted?

All data transfers are TLS encrypted. Database connections use encrypted PostgreSQL connections. Sensitive configurations are managed via a dedicated secret-management system, without plaintext in code or environment variables.

Security & Compliance

Your data deserves the highest protection.

cashwerk relies on German server locations, GDPR-native architecture, and granular access control – keeping your business data safe.

Security at cashwerk is not an afterthought. It is the foundation of the entire platform. From authentication to data storage to API communication – every layer is designed to protect your business data.

Compliance & Certifications

Meets the strictest requirements of the German market.

GDPR Compliant

Full compliance with the General Data Protection Regulation. Organization isolation and profile privacy settings; data subject rights are handled on request in line with the GDPR.

GoBD Compliant

Tamper-proof invoicing with XRechnung and ZUGFeRD. Automatic number sequences, audit trail, and PDF/A archiving ensure full GoBD compliance.

ISO 27001 Hosting

All data is processed on ISO 27001 certified servers in Frankfurt am Main. No data sharing with third countries.

Complete Audit Trail

Every change to contacts, invoices, projects, and tasks is logged – who changed what, when, and why.

Auth

Authentication & Access

Multiple security layers protect your accounts.

JWT Token Authentication

Secure token-based authentication with automatic renewal via refresh tokens.

OAuth 2.0 Social Login

Email-Based OTP

One-time passwords via email for additional security during critical actions and initial verification.

Session Management & Geo-IP

Device overview with Geo-IP detection. View all active sessions and revoke individual ones remotely. Automatic invalidation on inactivity.

RBAC

Granular Permission System

Control exactly who can see and edit what.

cashwerk features a fine-grained role-based access control system (RBAC) that manages access down to the individual entity level. With the three-tier permission model – Own, Assigned, and Any – you precisely determine which records an employee can view, create, edit, or delete.

Permissions can be individually assigned per module – from CRM to invoices and projects to the AI assistant. Create custom roles with individual permission profiles and flexibly assign them to your team members.

Module mit RBAC

CRMInvoicingSales PipelineProjectsTasksCalendarTime TrackingDriveAsset ManagerOrganizationUser ManagementAI AssistantAPI & Integrations

Permission levels

Own

Assigned

Any

Infrastructure

Infrastructure & Encryption

Enterprise-grade technology for your data protection.

Full Encryption

All data transfers are TLS encrypted. Database connections use encrypted PostgreSQL connections.

German Servers (Frankfurt)

Cloud-native architecture on Google Cloud Platform, EU region Frankfurt am Main (europe-west3). All data stays in the EU.

Secure Secret Management

Sensitive configurations and API keys are managed via a dedicated secret-management system – no plaintext in code or environment variables.

Real-Time Monitoring

Automatic error and anomaly detection in real time. Notifications for performance bottlenecks or security incidents.

Data Protection in Detail

Transparency and control over your data.

Each organization sees only its own data – strict logical tenant isolation at the application level
Cryptographically signed public links (HMAC) – tamper-proof with 7-day validity for invoice PDFs, documents, and booking pages
Session management with Geo-IP tracking – view all active devices and revoke individual sessions remotely
Password security policies and email verification during registration
Profile and privacy settings configurable per user
Privacy policy, terms of use, cookie policy, and EULA managed via Termly
Data subject rights (access, erasure) are handled on request in line with the GDPR
No selling or sharing of customer data for advertising – processed only by contractually bound, GDPR-compliant processors

FAQ

Mehr über cashwerk erfahrenÜber uns

Security & Trust

Your data is safe with us

Made in Germany

Hosted in the EU – developed in Europe

GDPR-compliant

Fully data protection compliant

Cloud Hosting DE

Servers only in Germany

ESG Certified

Sustainable & responsible

Get started now

Convinced by our security?

Try cashwerk for free and experience enterprise-grade data protection from day one.

Start for Free

Or:Book a Demowith an expert

Laden...

Your data deserves the highest protection.

cashwerk relies on German server locations, GDPR-native architecture, and granular access control – keeping your business data safe.

Granular Permission System

Control exactly who can see and edit what.