Docs
Trust

Security

How Numezis protects your data — encryption, access control, audit.

Numezis is built for Swiss SMEs and their fiduciaries. Security is not a post-launch add-on — it's part of the architecture. This page summarizes how we protect data; a more detailed Security Whitepaper is available on request.

Hosting and data residency

  • All production workloads run on Google Cloud Platform in the europe-west6 (Zurich) region.
  • Your tenant data never leaves Switzerland for application processing or storage at rest.
  • Cross-region backups stay within the EU; you can request strict Swiss-only backups on the Enterprise plan.

Encryption

  • In transit — TLS 1.3 minimum on all endpoints. HSTS preload enabled for www.numezis.com.
  • At rest — AES-256-GCM. Database, document storage (PDFs, scans), and backups all encrypted.
  • Application-level — PII fields (IBAN, addresses, social numbers) are encrypted with a per-tenant DEK wrapped by a KMS-managed CMK. Compromise of database backups doesn't yield plaintext PII.

Access control

  • Tenant isolation — Every API request carries an AccessMode scope. Code reviews and CI checks (audit-accessmode-scoping, audit-repository-scoping) enforce that no query can cross tenant boundaries.
  • Role-based — Workspace roles (Admin, Manager, Operator, Viewer) with custom-role extensions.
  • MFA — TOTP and WebAuthn passkeys. Workspace admins can enforce MFA org-wide.
  • SSO — Google Workspace and Microsoft 365 OIDC on paying plans.

Audit and logging

  • Every state-changing action writes to a per-tenant audit log: actor, timestamp, before/after, IP and user-agent.
  • Logs are retained for the active subscription period plus the legal Swiss commercial-records minimum (10 years for accounting events).
  • Tenants on the Pro+ plans can export their audit log via API.

Software supply chain

  • All code goes through pull-request review with at least one approval.
  • Dependency updates are gated by automated CI (test suite, security audit, supply-chain pinning via package-lock.json).
  • Container images are built locally then pushed to Google Artifact Registry; no third-party hosted CI handles secrets.

Incident response

  • 24/7 monitoring of error rates, latency, and unauthorized-access attempts via Sentry + Cloud Monitoring.
  • Severity-1 incidents (data exposure, full outage) trigger a status page update within 30 minutes and a written post-mortem within 5 business days.

Reporting a vulnerability

Please email security@numezis.com with steps to reproduce. We acknowledge within 1 business day. We do not yet run a paid bug bounty but recognize researchers publicly with their consent.

MCP — setup and support guide

Connect Claude, ChatGPT, or any MCP client to Numezis with OAuth 2.0 and Streamable HTTP.

Swiss compliance

How Numezis maps to Swiss regulations — VAT, AHV, data protection.

On this page

Hosting and data residencyEncryptionAccess controlAudit and loggingSoftware supply chainIncident responseReporting a vulnerability