Data protection is a priority at essentry. We value the trust of our customers and ensure that their data is protected.

blue lines

Data Protection

A solution with the highest data protection and data security standards. Made in Germany.

essentry guarantees data protection, by design and by default, and complies with the strict regulations of Article 9 of the GDPR. In this interview, COO and co-founder Nikolai Vitzthum explains how essentry ensures data privacy and protection.

The data protection concept.

GDPR compliant.

essentry meets the strict requirements of the EU's General Data Protection Regulation and is regularly audited by an independent external data protection officer.

Full data control.

essentry gives you full control over your data. You can centrally access the data you need to fulfill audit requirements. At the same time, predefined deletion mechanisms ensure compliance with legal requirements.

Encryption.

essentry uses strong encryption algorithms to protect data both "in transit" and "at rest“. All databases are encrypted with AES-256. HTTPS is used for browser connections, and developers use SSH, SSL / TLS to connect to essentry systems.

Certified infrastructure.

essentry uses industry-leading cloud infrastructure that meets the highest security and availability standards. Our third-party certifications include ISO 27001, ISO 27017, ISO 27018, and SOC2.

Highly secure, enterprise-grade infrastructure.

essentry is built on best-in-class cloud services. These services are configured by cloud experts, which ensures an extremely high level of security and minimizes the risk of configuration errors.

Enterprise-grade infrastructure.

essentry is ISO 27001-certified on the basis of BSI IT-Grundschutz (BSI-IGZ-0459-2021).
essentry servers are hosted in SOC 2 Type II and ISO 27001-certified facilities in the Frankfurt (Germany) region.

Our data center facilities are secured with a perimeter of multi-level security zones, 24/7 manned security forces, and CCTV video surveillance. They are secured by multi-factor identification with biometric access control, physical locks, and alarm systems in case of security breaches.

High availability.

essentry offers a highly available service. Should an incident occur, we have comprehensive incident response and customer notification procedures in place. We have a 24/7 service center and offer an onsite service for hardware-related issues with a 24x7x4 hour availability.

Data encryption.

Communication between the user and the essentry servers is encrypted according to industry best practices: HTTPS and Transport Layer Security (TLS) over public networks. Qualys’ SSL labs have rated our servers Level A+. In addition, when using our Windows kiosk, the total network traffic is routed via our IPSec VPN. The hard drives of all servers are encrypted according to AES-256.

Third-party penetration testing.

In addition to our extensive internal scanning and testing program, penetration tests are performed by selected service providers. essentry contracts third-party security experts to conduct a thorough annual penetration test for the entire essentry service offering.

Privacy-by-design

Compliance standards

At essentry, data privacy is a top priority. We value our customers’ trust and will ensure their visitor data is protected. We demonstrate our commitment to privacy preservation in both our processes and technical application design. We pursue a systematic privacy-by-design strategy.

Established and often manual processes
Insufficient verification of the identity document (ID)
Manual face match
Manual data processing and non-transparent retention policies
Non-transparent privacy policy and user consent
Established and often manual processes
What essentry does
What essentry does not do
Insufficient verification of the identity document (ID)
Verification of the identity document (ID) locally
Verification of the identity document (ID) in the cloud
Manual face match
1:1 face match
1:n facial recognition
Manual data processing and non-transparent retention policies
Advanced privacy rights and transparent retention policies
Same privacy rights for everyone and infinite data retention
Non-transparent privacy policy and user consent
Clear privacy policy and user consent
Processing sensitive data without given consent
Certificates and memberships
BSI-IGZ Logo

essentry is certified according to ISO 27001 on the basis of BSI IT-Grundschutz (BSI-IGZ-0459-2021).

Security IT Logo

essentry has been awarded the TeleTrust trust mark “IT Security made in Germany” by the German IT Security Association.

Syss Logo

The essentry software is regularly tested by penetration tests from SYSS GmbH.

Join thousands of industry experts to improve physical security at your organization's sites.