100% EU Data Residency · Made in Germany

Your Data Stays in the EU

All personal data is processed and stored exclusively on German servers. No transfers to the US or other third countries. GDPR-compliant by design.

View DPA

Hetzner, Germany

ISO 27001 certified

GDPR-compliant

DPA included

No US transfers

Server Location: Germany

Content Mate operates its entire infrastructure in German data centers of Hetzner Online GmbH.

Nuremberg & Falkenstein Data Centers

All application servers, databases (PostgreSQL), caches (Redis) and media storage are operated exclusively in Hetzner data centers in Nuremberg and Falkenstein, Germany.

ISO 27001 Certified (Hetzner)

Hetzner Online GmbH is certified to ISO 27001 and SOC 2 Type II. Data centers feature physical access control, CCTV, 24/7 security staff, and redundant power supply.

Encrypted Transmission

All data transmissions are encrypted via TLS 1.2+. Passwords are hashed with bcrypt. OAuth tokens are stored encrypted. Media files are secured with server-side encryption.

No Third-Country Transfers

Application, analytics, and usage data never leaves EU jurisdiction. The only exception: payment data via Stripe (secured under the EU-US Data Privacy Framework).

Workspace-Based Data Isolation

Each workspace is separated by strict database isolation. All database queries are filtered by workspace ID. Multi-tenant architecture following the principle of least privilege.

Automated Backups

Regular encrypted database backups with a backup rotation of max. 90 days. Redis persistence for queue data. Full data deletion within 30 days after contract termination.

Sub-Processors

A complete list of all sub-processors handling personal data within Content Mate.

Provider	Purpose	Processing Location	Certification
Hetzner Online GmbH	Cloud hosting: application servers, PostgreSQL, Redis, object storage (S3-compatible)	Germany (EU)	ISO 27001, SOC 2 Type II
Stripe, Inc.	Payment processing and subscription management (email, name, payment data)	EU & USA	PCI DSS Level 1, EU-US DPF (Art. 45 GDPR)

Changes to this list are communicated at least 4 weeks in advance in writing (per §8 DPA). Social media platforms (Meta, TikTok, LinkedIn) are independent controllers, not sub-processors.

Compliance at a Glance

Content Mate is built for organizations that require the highest level of data protection.

100%

EU Data Residency

All data stored in Germany

ISO 27001

Hosting Certification

Hetzner Online GmbH

Art. 28

GDPR DPA

Based on official BfDI template v2.1

TLS 1.2+

Encryption

For all client & API connections

DPA per Art. 28 GDPR

Data Processing Agreement (DPA) Included

Every Content Mate customer automatically receives a legally binding DPA under Art. 28 GDPR — based on the official BfDI template (Version 2.1). No extra work, no additional cost.

View & Download DPA

Frequently Asked Questions about Data Residency

All application data (database, media files, cache) is stored exclusively on servers of Hetzner Online GmbH in Germany — specifically in the Nuremberg and Falkenstein data centers. No transfer to the US or other third countries takes place.

Payments are processed via Stripe, Inc. (USA). Stripe is certified under the EU-US Data Privacy Framework (DPF), making the data transfer lawful under Art. 45 GDPR (adequacy decision). Content Mate itself does not store full credit card details.

Yes. Every Content Mate contract automatically includes a Data Processing Agreement under Art. 28 GDPR, based on the template of the Federal Commissioner for Data Protection (BfDI). You can view and download the DPA at any time at /av-vertrag.

Hetzner Online GmbH's data center infrastructure is certified to ISO 27001 and SOC 2 Type II. These certifications demonstrate a comprehensive information security management system (ISMS) and are regularly audited by independent reviewers.

After subscription termination, all personal data is irrevocably deleted within 30 days — including database entries, media files (S3), cache (Redis), and backups within the 90-day rotation cycle. A deletion certificate is available on request.

Yes, you can export your data at any time through the app. Upon contract termination, we also provide a full data export on request.