ZEKTOR.IO Docs

Security & Compliance

How Zektor.io keeps your data secure — encryption, compliance, access control, and EU data residency.

Overview

Zektor.io is built with security as a core principle. As a German company operating exclusively within the EU, we provide robust data protection, encryption, and compliance with European regulations.

Data Residency

All data is stored exclusively in EU data centers:

Region   Location               Certification
nbg1     Nuremberg, Germany     ISO 27001
fsn1     Falkenstein, Germany   ISO 27001
hel1     Helsinki, Finland      ISO 27001

Your data never leaves the European Union. This includes all database storage, backups, WAL archives, and metadata.

Encryption

Encryption in Transit

All connections to Zektor.io databases use TLS 1.2+ encryption. This applies to:

  • PostgreSQL connections (via sslmode=require)
  • Valkey connections (via TLS/rediss://)
  • Dashboard and API access (HTTPS)

No unencrypted connections are accepted.

Encryption at Rest

All data stored on disk is encrypted using AES-256 encryption. This includes:

  • Database files
  • Write-ahead logs (WAL)
  • Backups
  • Temporary files

Encryption keys are managed by the infrastructure provider and are never accessible to Zektor.io staff or customers.

Network Security

Isolated Instances

Each database instance runs in an isolated container with:

  • Dedicated compute resources (no shared CPU/memory)
  • Private networking between containers
  • Firewall rules restricting access to database ports only

TLS Certificates

Our TLS certificates are issued by trusted public certificate authorities. No custom certificate installation is required on the client side.

Access Control

Dashboard Access

  • Email + password authentication
  • OAuth support (Google, GitHub)
  • Session management with secure, HTTP-only cookies

Database Access

  • Database credentials are generated per-instance
  • Credentials are only displayed once at creation and can be rotated
  • Each instance has its own isolated authentication — credentials from one instance cannot access another

Rotating Credentials

To rotate your database credentials:

  1. Navigate to your instance's Settings tab
  2. Click Rotate Password (or Regenerate Credentials)
  3. A new password will be generated immediately
  4. Update your application's connection string with the new credentials

Important: The old password is invalidated immediately. Ensure you update all applications using this instance before or immediately after rotation. Consider using environment variables to make credential updates seamless.

Credential best practices

  • Store credentials in environment variables, not in code
  • Use separate credentials for each environment (development, staging, production)
  • Rotate credentials periodically (every 90 days recommended)
  • Never commit credentials to version control
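
The sketch below is an added example, not Zektor.io code. It reads a connection string from an environment variable, so a rotated password needs only an environment update, and refuses to start if the URL would allow a plaintext connection. The variable name DATABASE_URL and the hostnames in the test values are assumptions.

```python
import os
from urllib.parse import urlsplit, parse_qs

# libpq sslmode values that never fall back to a plaintext connection.
TLS_ENFORCING_SSLMODES = {"require", "verify-ca", "verify-full"}


class InsecureConnectionString(ValueError):
    """Raised when a connection URL does not enforce TLS."""


def check_url(url: str) -> list[str]:
    """Return a list of problems; an empty list means the URL enforces TLS."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme in ("postgres", "postgresql"):
        # If sslmode is repeated, judge the last value given.
        sslmode = parse_qs(parts.query).get("sslmode", [""])[-1]
        if sslmode not in TLS_ENFORCING_SSLMODES:
            problems.append(f"sslmode={sslmode or '<unset>'} allows plaintext fallback")
    elif parts.scheme == "redis":
        problems.append("redis:// is plaintext; use rediss://")
    elif parts.scheme != "rediss":
        problems.append(f"unexpected scheme {parts.scheme!r}")
    return problems


def redact(url: str) -> str:
    """Mask the password so the URL can appear in logs and error messages."""
    parts = urlsplit(url)
    if parts.password is None:
        return url
    netloc = parts.netloc.replace(f":{parts.password}@", ":***@", 1)
    return parts._replace(netloc=netloc).geturl()


def load_database_url(env=os.environ, var="DATABASE_URL") -> str:
    """Fetch the URL from the environment (assumed variable name) and validate it."""
    url = env.get(var)
    if not url:
        raise KeyError(f"{var} is not set")
    problems = check_url(url)
    if problems:
        raise InsecureConnectionString(f"{redact(url)}: {'; '.join(problems)}")
    return url
```

sslmode=require is accepted here because it is the setting this page specifies; verify-ca and verify-full additionally validate the server certificate on the client side.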

GDPR Compliance

As a German company, Zektor.io is fully compliant with the General Data Protection Regulation (GDPR):

  • Data Processing Agreement (DPA) — Available on request for enterprise customers
  • Data residency — All data is processed and stored within the EU
  • Right to deletion — Instance and account deletion permanently removes all associated data
  • Data portability — Export your data at any time using standard database tools (pg_dump, etc.)
  • No data sharing — We do not share, sell, or process your data for any purpose other than providing the service

Compliance Certifications

Standard    Status
GDPR        Compliant
ISO 27001   Data centers certified
SOC 2       In progress

Backup Security

  • Backups are encrypted at rest (AES-256)
  • Backups are stored in the same region as the source database
  • Backup retention is configurable
  • Deleted instance backups are permanently removed after the retention period

Incident Response

In the event of a security incident:

  1. We will notify affected customers within 72 hours as required by GDPR
  2. Our team will investigate and mitigate the issue
  3. A post-incident report will be provided to affected customers

Responsible Disclosure

If you discover a security vulnerability in Zektor.io, please report it to [email protected]. We appreciate responsible disclosure and will work with you to address any issues.

Best Practices

  1. Use strong passwords — Use a password manager and unique credentials per service
  2. Rotate credentials regularly — Regenerate database passwords every 90 days
  3. Use TLS — Always connect with sslmode=require (PostgreSQL) or --tls (Valkey)
  4. Limit access — Only give database credentials to services that need them
  5. Monitor for anomalies — Regularly check pg_stat_activity for unexpected connections
  6. Keep backups — Enable automated backups and test restoration regularly
  7. Use environment variables — Never hardcode credentials in your application code
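
One way to carry out the pg_stat_activity review from item 5, as an added example rather than Zektor.io tooling: it compares each client session against the roles and source networks you expect and confirms the session uses TLS. The sample rows are constructed, the addresses come from documentation ranges, and the allowlists are assumptions to replace with your own.

```python
import ipaddress

# Query that yields rows in the shape used below (pg_stat_ssl adds the TLS flag).
ACTIVITY_SQL = """
SELECT a.pid, a.usename, a.client_addr, a.application_name, s.ssl
FROM pg_stat_activity a
LEFT JOIN pg_stat_ssl s USING (pid)
WHERE a.backend_type = 'client backend'
"""

# Constructed sample rows, not real output.
SAMPLE_ROWS = [
    {"pid": 101, "usename": "app", "client_addr": "203.0.113.10",
     "application_name": "api", "ssl": True},
    {"pid": 102, "usename": "app", "client_addr": "198.51.100.77",
     "application_name": "psql", "ssl": True},
    {"pid": 103, "usename": "postgres", "client_addr": "203.0.113.11",
     "application_name": "", "ssl": True},
    {"pid": 104, "usename": "app", "client_addr": "203.0.113.12",
     "application_name": "worker", "ssl": False},
]


def flag_sessions(rows, allowed_users, allowed_networks):
    """Return {pid: [reasons]} for sessions that do not match expectations."""
    networks = [ipaddress.ip_network(n) for n in allowed_networks]
    findings = {}
    for row in rows:
        reasons = []
        if row["usename"] not in allowed_users:
            reasons.append(f"unexpected role {row['usename']!r}")
        addr = row["client_addr"]
        if addr is None:
            # NULL client_addr: local socket, or details hidden from this role.
            reasons.append("no client address recorded")
        elif not any(ipaddress.ip_address(addr) in net for net in networks):
            reasons.append(f"client {addr} outside allowed networks")
        if not row["ssl"]:
            reasons.append("session is not using TLS")
        if reasons:
            findings[row["pid"]] = reasons
    return findings
```

Calling flag_sessions(SAMPLE_ROWS, {"app"}, ["203.0.113.0/28"]) flags pids 102, 103 and 104 and leaves 101 alone.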

Next Steps

  • Connecting — Securely connect to your database
  • Backups — Configure backup scheduling
  • FAQ — Common security questions
