Your data deserves the highest protection.
cashwerk relies on German server locations, GDPR-native architecture, and granular access control – keeping your business data safe.
Security at cashwerk is not an afterthought. It is the foundation of the entire platform. From authentication to data storage to API communication – every layer is designed to protect your business data.
Compliance & Certifications
Meets the strictest requirements of the German market.
GDPR Compliant
Full compliance with the General Data Protection Regulation. Organization isolation, profile privacy settings, and deletion requests directly in the platform.
GoBD Compliant
Tamper-proof invoicing with XRechnung and ZUGFeRD. Automatic number sequences, audit trail, and PDF/A archiving ensure full GoBD compliance.
ISO 27001 Hosting
All data is processed on ISO 27001 certified servers in Frankfurt am Main. No data sharing with third countries.
Complete Audit Trail
Every change to contacts, invoices, projects, and tasks is logged – who changed what, when, and why.
Authentication & Access
Multiple security layers protect your accounts.
JWT Token Authentication
Secure token-based authentication with automatic renewal via refresh tokens.
OAuth 2.0 Social Login
Sign in via Google, Microsoft, or Apple – without managing separate passwords.
Email-Based OTP
One-time passwords via email for additional security during critical actions and initial verification.
Secure Sessions
Encrypted server sessions with automatic invalidation on inactivity.
Granular Permission System
Control exactly who can see and edit what.
cashwerk features a fine-grained role-based access control system (RBAC) that manages access down to the individual entity level. With the three-tier ownership model OWN, ASSIGNED, and ANY, you precisely determine which records an employee can view, create, edit, or delete.
Permissions can be individually assigned per module – from CRM to invoices and projects to the AI assistant. Create custom roles with individual permission profiles and flexibly assign them to your team members.
Modules with RBAC
Ownership Model
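To make the ownership model concrete, here is an added illustration (not cashwerk's own code) of how a permission check with the three tiers OWN, ASSIGNED, and ANY can be layered on top of per-module grants, with the organization check from the "Data Protection in Detail" list applied first so that tenant isolation holds regardless of role. The semantics assumed here are that OWN covers records the user owns, ASSIGNED adds records the user is assigned to, and ANY covers every record of the user's organization; the role names, module names, and sample records are constructed for the example.

```python
from dataclasses import dataclass
from enum import Enum


class Scope(Enum):
    """Ownership tiers named on the page; the exact semantics are assumed here."""
    OWN = 1        # records the user owns
    ASSIGNED = 2   # owned records plus records the user is assigned to
    ANY = 3        # every record inside the user's organization


class Action(Enum):
    VIEW = "view"
    CREATE = "create"
    EDIT = "edit"
    DELETE = "delete"


@dataclass(frozen=True)
class Record:
    id: str
    org_id: str
    module: str
    owner_id: str
    assignees: frozenset = frozenset()


@dataclass
class Role:
    name: str
    grants: dict  # (module, Action) -> Scope; a missing key means denied


@dataclass(frozen=True)
class User:
    id: str
    org_id: str
    role: Role


def can_create(user: User, module: str) -> bool:
    """CREATE has no existing record to scope, so only the grant matters."""
    return (module, Action.CREATE) in user.role.grants


def is_allowed(user: User, action: Action, record: Record) -> bool:
    # Tenant isolation comes first: another organization's record is never
    # reachable, whatever the role says.
    if record.org_id != user.org_id:
        return False
    scope = user.role.grants.get((record.module, action))
    if scope is None:          # no grant for this module/action: deny by default
        return False
    if scope is Scope.ANY:     # organization-wide access
        return True
    if record.owner_id == user.id:   # OWN and ASSIGNED both include owned records
        return True
    return scope is Scope.ASSIGNED and user.id in record.assignees


def visible_records(user: User, records) -> list:
    """Apply the VIEW check as a list filter (what a record listing would do)."""
    return [r for r in records if is_allowed(user, Action.VIEW, r)]


# Constructed sample roles: a sales rep with narrow CRM rights, a manager with
# organization-wide rights on CRM and invoices.
SALES_REP = Role("sales_rep", {
    ("crm", Action.VIEW): Scope.ASSIGNED,
    ("crm", Action.CREATE): Scope.OWN,
    ("crm", Action.EDIT): Scope.OWN,
    ("invoices", Action.VIEW): Scope.OWN,
})
MANAGER = Role("manager", {
    (m, a): Scope.ANY
    for m in ("crm", "invoices")
    for a in (Action.VIEW, Action.CREATE, Action.EDIT, Action.DELETE)
})

ALICE = User("alice", "org-a", SALES_REP)
MIA = User("mia", "org-a", MANAGER)

# Constructed sample records; c4 belongs to a different organization.
RECORDS = [
    Record("c1", "org-a", "crm", owner_id="alice"),
    Record("c2", "org-a", "crm", owner_id="bob", assignees=frozenset({"alice"})),
    Record("c3", "org-a", "crm", owner_id="bob"),
    Record("c4", "org-b", "crm", owner_id="carol"),
    Record("inv1", "org-a", "invoices", owner_id="bob"),
]

if __name__ == "__main__":
    print([r.id for r in visible_records(ALICE, RECORDS)])  # ['c1', 'c2']
    print([r.id for r in visible_records(MIA, RECORDS)])    # ['c1', 'c2', 'c3', 'inv1']
```

The order of checks is the point: organization membership is decided before any role lookup, so a misconfigured role can widen what a user sees inside their own tenant but can never reach across tenants, and an absent grant denies rather than falling through to a default.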
Infrastructure & Encryption
Enterprise-grade technology for your data protection.
Full Encryption
All data transfers are TLS encrypted. Database connections use encrypted PostgreSQL connections.
German Servers (Frankfurt)
Cloud-native architecture on Google Cloud Platform with data center in Frankfurt am Main. No US Cloud Act exposure.
Secure Secret Management
Sensitive configurations and API keys are managed via Doppler – no plaintext in code or environment variables.
Real-Time Monitoring
Sentry-based error detection in real time. Automatic notifications for anomalies, performance bottlenecks, or security incidents.
Data Protection in Detail
Transparency and control over your data.
- Each organization sees only its own data – complete tenant isolation at the database level
- Password security policies and email verification during registration
- Profile and privacy settings configurable per user
- Privacy policy, terms of use, cookie policy, and EULA managed via Termly
- Deletion requests and data export directly available in the platform
- No sharing of customer data with third parties without explicit consent
FAQ
Your data is safe with us
Made in Germany
Developed & hosted in Germany
GDPR-compliant
Fully data protection compliant
Cloud Hosting DE
Servers only in Germany
ESG Certified
Sustainable & responsible
Convinced by our security?
Try cashwerk for free and experience enterprise-grade data protection from day one.