Skip to main content

Account & Security

This page explains how user accounts work in Spicom, how your data is protected, and how you can manage or delete your personal and financial data according to European regulations.

Managing Your Account

You can manage your profile from: Account → Settings Available options:
  • Update your first and last name
  • Change your password
  • View your plan status
  • Delete your account
Email changes must be requested through support to prevent account takeover.

Password Management

You can change your password anytime: Account → Change Password Rules:
  • Minimum 8 characters
  • Strongly recommended: unique password not used elsewhere
  • Never reuse the same password as your email
If you forgot your password, use: Forgot password → Receive reset email Reset links expire for security reasons.

Session Security (HTTP-Only Cookies)

Spicom uses HTTP-only cookies for authentication. This provides:
  • Protection against XSS
  • Tokens inaccessible to JavaScript
  • More secure session storage
  • Automatic invalidation when logging out
  • Automatic expiration after inactivity
If you experience logout loops or instant logouts, cookies may be blocked by the browser.

Where Your Data Is Stored

Spicom is fully hosted within the European Union.
  • Hosting provider: Contabo
  • Datacenter: Germany
  • Database: Encrypted at rest
  • Environment: Hardened Linux VMs
  • Network: Private internal network for database access
Your data never leaves the EU.

Data Encryption

Spicom applies industry-standard protections:
  • All communication runs through HTTPS/TLS
  • Passwords are stored as irreversible hashes
  • Sensitive fields are stored encrypted
  • HTTP-only session cookies prevent token theft
Your contract and financial data remain private at all times.

Backups & GDPR-Compliant Deletion

Spicom maintains automated encrypted backups to ensure service continuity. Important notes:
  • Backups may contain your data until they expire naturally
  • If a backup is restored for operational reasons,
    any account previously deleted is automatically purged during restoration
  • Deleted accounts never reappear
This guarantees full compliance with GDPR’s right to erasure, even with backup cycles.

Deleting Your Account

You can delete your account anytime: Account → Security → Delete Account When you confirm deletion:
  • Your entire account is permanently removed
  • All contracts, customers, workforce entries, and metrics are erased
  • Access to the platform is revoked immediately
  • Remaining backup snapshots will respect automatic purge rules upon restoration
  • The deletion is irreversible
If you need help before deleting your account, contact support.

Logging & Monitoring

Spicom collects minimal technical logs for:
  • Error detection
  • Performance monitoring
  • Security events (e.g., failed logins)
Logs never include:
  • Contract data
  • Customer names
  • Financial values
  • Personal content
You may request that logs associated with your user ID be erased.

GDPR & User Rights

As an EU-hosted SaaS, Spicom provides:
  • Right of access
  • Right of rectification
  • Right of deletion
  • Right of export
  • Right to restrict processing
  • Right to withdraw consent
To exercise any of these rights, contact support through your dashboard.

Reporting a Security Issue

If you detect a vulnerability or suspicious behavior:
  • Contact support immediately
  • Provide a clear description of the issue
  • Do not attempt further exploitation
  • Do not publish details publicly
We take security reports seriously and respond promptly.

Need help?

If you have any questions about your account or data protection:
  • Contact support inside your dashboard
  • Or use the official help form
We typically respond within 24 hours.