Security & Compliance

Your clients trust you with their financial lives. We take that responsibility as seriously as you do. Here is how we protect their data.

Encryption

All data is encrypted at rest with AES-256 and in transit with TLS 1.3. Database backups are encrypted and stored in geographically separate regions. Encryption keys are managed through a dedicated key management service with automatic rotation. No sensitive data is ever stored in plain text.

Authentication

Buffrr supports multi-factor authentication, session management with automatic expiration, and role-based access controls. Enterprise customers can integrate SSO via SAML 2.0 or OpenID Connect for centralized identity management. Passwords are hashed with modern algorithms and never stored in plain text. Every login attempt is recorded in the audit trail.

Infrastructure

Our platform runs on SOC 2-compliant cloud infrastructure with automated scaling, redundancy, and continuous monitoring. We perform regular penetration testing and vulnerability assessments, and all systems are patched and updated on an ongoing basis. The infrastructure scales automatically to maintain consistent response times even during peak loads.

Compliance

Buffrr is designed to support MiFID II adequacy and appropriateness requirements, GDPR data-protection obligations, and financial-industry record-keeping standards. Our audit trail captures every significant action, from portfolio modifications to client profile updates, with a timestamp and user identifier so it is available for regulatory review.

Privacy

We collect only the data necessary to deliver our service. Client financial data is never sold or shared with third parties. You retain full ownership of your data and can export or delete it at any time. Our privacy policy is written in plain language — no legalese, no hidden clauses or ambiguous terms.

Data Residency

All primary data is hosted on European data centers located in Frankfurt, Germany. Encrypted backups are replicated to a second European region to ensure business continuity. We do not transfer data outside the European Economic Area. Our disaster recovery plan provides an RPO (Recovery Point Objective) of 24 hours and an RTO (Recovery Time Objective) of 4 hours.

Audit & Certifications

Buffrr’s infrastructure undergoes periodic penetration testing conducted by independent external providers. We maintain a complete and immutable audit trail of all platform operations. The architecture follows SOC 2 principles and OWASP best practices for application security. We are committed to a continuous certification path to guarantee the highest security standards.

Security is not an add-on: it is integrated into every layer of the platform, from architecture design to daily operations management. We continuously invest in security updates and team training to stay ahead of threats and protect your clients’ data. Every software release goes through a comprehensive security review process before being deployed to production.

Ready to Modernize Your Practice?

Start managing portfolios with the tools you deserve. Personal plan from €9/month.