Skip to main content

Data Storage

Spicom stores all user and business data exclusively in the European Union, using secure infrastructure and strict access control policies. This page outlines how your information is stored, protected, and managed.

Hosting Locations

Spicom is hosted on European servers:
  • Provider: Contabo
  • Primary datacenter: Germany
  • Environment: Hardened Linux virtual machines
  • Network: Private internal network for database communication
Your data never leaves the EU.

Data Types Stored

Spicom stores only the information necessary for operating your account and financial calculations.

Account data:

  • Email
  • Name
  • Hashed password
  • Authentication tokens (HTTP-only cookies)

Financial & business data:

  • Contracts
  • Customers
  • Workforce information
  • Global costs
  • Simulations
  • Calculated metrics

Technical data:

  • Error logs
  • Login metadata
  • Infrastructure-level metrics
No marketing or behavioral tracking is stored.

Database Storage

All data is stored in a secure, access-restricted database:
  • Encrypted at rest
  • Protected by firewall rules
  • Accessible only through private network connections
  • No external internet exposure
Only the Spicom backend service can read/write data.

Encryption Standards

Spicom applies strong security measures:
  • HTTPS/TLS encryption for all traffic
  • HTTP-only cookies for authentication
  • Password hashing using industry-standard algorithms
  • Database encryption at rest
No sensitive data is stored in plain text at any moment.

Backup Storage

Backups are essential for operational continuity.

Backup characteristics:

  • Automated
  • Encrypted
  • EU-only
  • Stored in secure storage separate from the main database
  • Rotated regularly (old backups expire automatically)
Backups may temporarily contain deleted data (GDPR-compliant, see below).

GDPR & Backups

When you delete your account:
  • All data is erased from the live system instantly
  • Backups may still contain encrypted historical snapshots
  • If a backup is restored, Spicom automatically purges any account marked as deleted
  • Deleted accounts never reappear
This ensures full GDPR compliance while maintaining operational safety.

Data Retention

Spicom retains your data:
  • As long as your account is active
  • Until deletion is requested
  • With automatic cleanup of expired backups
We do not retain unnecessary or unused data.

Access Control & Internal Security

We strictly limit who can access production data:
  • No direct database access for developers
  • Automated deployments only
  • Logged privileged operations
  • Internal admin tools restricted to operational personnel
Your financial data is never exposed to third parties or analytics tools.

Exporting Your Data

You may request:
  • Contract exports
  • Customer exports
  • Workforce exports
  • Full account export (JSON or CSV)
This ensures portability as required under GDPR.

Questions?

If you have concerns about data storage or want more detail: Contact support@spicom.co
We typically reply within 24 hours.