Security

Your models represent critical business knowledge. We take their security seriously.

Data Encryption

All data is encrypted both in transit and at rest.

  • In transit: All connections use TLS 1.2+ encryption. Every request between your browser and our servers is encrypted end-to-end.
  • At rest: Your model data is encrypted at the storage level using AES-256. Database backups are also encrypted.

Hosting & Infrastructure

Metapad is hosted in a Frankfurt, Germany data center operated by DigitalOcean — keeping your data within the EU.

  • EU data residency: Your data never leaves the European Union.
  • Hot standby: A standby instance is ready to take over immediately in case of failure, minimizing downtime.
  • Daily backups: Automated daily backups ensure your data can be restored in case of any incident.
  • Infrastructure monitoring: We monitor system health, performance, and availability around the clock.

Authentication & Access Control

We use Auth0, an industry-leading identity platform, for authentication.

  • Secure sign-in: Email/password with strong password requirements, plus social login options.
  • Session management: Secure, short-lived tokens with automatic refresh.
  • Role-based access: Model owners control who can view and edit their models. Collaborators see only the models shared with them.

Tenant Isolation

Every customer's data is strictly isolated.

  • Application-level enforcement: All database queries are scoped to the authenticated user's organization. There is no way to access another tenant's data through the application.
  • Model-level permissions: Sharing is explicit — a model is private by default and only accessible to users you invite.

GDPR Compliance

As a German company, we are fully committed to GDPR compliance.

  • Data minimization: We collect only the data necessary to provide the service.
  • Right to access and deletion: You can export or delete your data at any time.
  • Data Processing Agreement: Available on request for enterprise customers.
  • No third-party tracking: We do not sell or share your data with third parties for advertising purposes.

For details, see our Privacy Policy.

What's Next

We are committed to continuously improving our security posture. Our roadmap includes:

  • SOC 2 Type II certification — formal audit of our security controls
  • Penetration testing — regular third-party security assessments
  • SSO / SAML — enterprise single sign-on (available on Enterprise plans)

Questions?

If you have security questions or need a Data Processing Agreement, contact us at security@transentis.com.

About transentis

transentis labs GmbH builds tools for understanding and transforming complex systems. Metapad is our professional IDE for Enterprise Digital Twins. Learn more about our mission.