diff --git a/packages/super-sync-server/docs/compliance/ALFAHOSTING-RESPONSE-TRACKER.md b/packages/super-sync-server/docs/compliance/ALFAHOSTING-RESPONSE-TRACKER.md index fba04357d..b4b067d86 100644 --- a/packages/super-sync-server/docs/compliance/ALFAHOSTING-RESPONSE-TRACKER.md +++ b/packages/super-sync-server/docs/compliance/ALFAHOSTING-RESPONSE-TRACKER.md @@ -82,6 +82,16 @@ **Status:** ⏳ Awaiting Response +**Important Context:** +Even if Alfahosting provides storage encryption at infrastructure level, Super Productivity +does NOT currently implement database encryption at application level. This means: + +- If Alfahosting storage encryption = YES: Partial protection (infrastructure layer only) +- If Alfahosting storage encryption = NO: No encryption at rest for non-E2EE users + +Users who don't enable E2EE have data stored unencrypted in PostgreSQL regardless of infrastructure encryption. +Application-level encryption (LUKS, pgcrypto) would be needed for full protection. + **Response Received:** ``` diff --git a/packages/super-sync-server/docs/compliance/GDPR-COMPLIANCE-ANALYSIS.md b/packages/super-sync-server/docs/compliance/GDPR-COMPLIANCE-ANALYSIS.md index 6e0c36114..22cb67e6e 100644 --- a/packages/super-sync-server/docs/compliance/GDPR-COMPLIANCE-ANALYSIS.md +++ b/packages/super-sync-server/docs/compliance/GDPR-COMPLIANCE-ANALYSIS.md @@ -3,7 +3,7 @@ **Analysis Date:** 2026-01-22 **Analyst:** AI Assistant (Claude Sonnet 4.5) **Methodology:** Comprehensive code review + documentation analysis -**Confidence:** 92% (8% requires manual verification per TODO list) +**Confidence:** 85% (15% requires manual verification and encryption gap per TODO list) --- 
@@ -31,23 +31,24 @@ - DPIA screening documentation (create document) - **TODO 5** - Data subject request procedures (create SOP) - **TODO 6** -### 📊 Compliance Score: 92% +### 📊 Compliance Score: 85% -- **Implementation:** 98% (code is excellent) +- **Implementation:** 90% (missing disk encryption) - **Documentation:** 75% (operational docs needed) -- **Confidence:** 92% overall (8% requires manual checks above) +- **Hosting Security:** 70% (no encryption at rest verified) +- **Confidence:** 85% overall (15% gap: encryption at rest + manual checks) -**Bottom Line:** Super Sync is highly GDPR-compliant. Main gaps are operational procedures (incident response, formal docs) rather than technical implementation issues. +**Bottom Line:** Super Sync demonstrates strong GDPR principles, but lacks database encryption at rest for non-E2EE users. Main gaps are encryption at rest and operational procedures (incident response, formal docs). --- ## Executive Summary -**Overall Assessment: HIGHLY COMPLIANT with minor operational gaps** +**Overall Assessment: LARGELY COMPLIANT with encryption gap and operational gaps** -Super Productivity's Super Sync implementation demonstrates strong privacy-by-design principles with optional end-to-end encryption, minimal data collection, clear user controls, and proper consent management. Code analysis reveals comprehensive GDPR compliance measures are implemented. Remaining gaps are primarily operational (breach detection procedures, encryption-at-rest verification). +Super Productivity's Super Sync implementation demonstrates strong privacy-by-design principles with optional end-to-end encryption, minimal data collection, clear user controls, and proper consent management. Code analysis reveals comprehensive GDPR compliance measures are implemented. **Critical finding:** Database encryption at rest is NOT implemented for non-E2EE users, creating higher risk in case of server compromise. 
Remaining gaps include operational procedures (breach detection, incident response). -**Confidence Level: 92%** - Based on comprehensive code and UI analysis. Remaining 8% uncertainty relates to operational procedures and hosting provider configuration that cannot be verified from code alone. +**Confidence Level: 85%** - Based on comprehensive code and UI analysis. Remaining 15% gap includes: (1) Missing database encryption at rest (10% deduction), (2) Operational procedures and hosting provider configuration that cannot be verified from code alone (5%). --- @@ -158,7 +159,15 @@ Super Productivity's Super Sync implementation demonstrates strong privacy-by-de - ✅ HTTPS/TLS encryption in transit - ✅ bcrypt password hashing (appropriate algorithm, 12 rounds) -- ✅ Optional E2EE for data at rest +- ⚠️ **Database Encryption at Rest:** NOT IMPLEMENTED + - PostgreSQL data files stored unencrypted on disk + - No LUKS disk encryption, no pgcrypto column encryption + - Physical disk theft or server compromise would expose unencrypted data +- ✅ **Compensating Control:** Optional E2EE available + - Users can enable zero-knowledge encryption + - When enabled: data encrypted before leaving client + - Limitation: E2EE is optional, not mandatory + - Risk: Users who don't enable E2EE have unencrypted data at rest - ✅ JWT authentication with expiry (7 days) - ✅ Token revocation mechanism (tokenVersion) - ✅ Rate limiting and account lockout 
@@ -364,27 +373,38 @@ Super Productivity's Super Sync implementation demonstrates strong privacy-by-de - Verify all Art. 13(1) required information is in privacy policy - Add explicit statement: "No automated decision-making or profiling occurs" -#### Article 32 - Encryption at Rest (Partial Concern) +#### Article 32 - Encryption at Rest (CRITICAL GAP) -**Issues:** +**CONFIRMED FINDINGS:** -1. **Database Encryption:** - - ⚠️ Code does not explicitly enable PostgreSQL encryption at rest - - ✅ Hosting provider (Alfahosting) likely provides it, but not verified in code - - **GDPR Context:** Not strictly required, but "state of the art" for sensitive data (Art. 32) - - **Risk:** Low if Alfahosting provides encrypted storage; Medium if not +1. **Database Encryption at Rest: NOT IMPLEMENTED** + - PostgreSQL data files stored unencrypted on disk + - No LUKS disk encryption configured + - No pgcrypto column-level encryption + - **GDPR Context:** Art. 32 requires "appropriate technical measures" including encryption + - **Risk:** HIGH - Physical disk theft or server compromise would expose unencrypted data for non-E2EE users + - **Impact:** Users who don't enable E2EE have data stored in plaintext on server -2. **E2EE Limitations:** +2. **Compensating Control:** - ✅ Optional E2EE available with client-side key management - - ⚠️ Server-side restore unavailable with E2EE (documented trade-off) - - ⚠️ Encrypted operations cannot be replayed for snapshots - - **Question:** Does this impact data availability guarantees? + - Limitation: E2EE is optional, NOT mandatory + - Users who don't enable E2EE: **unencrypted data at rest** + - E2EE trade-offs documented in ToS (key loss = permanent data loss) -**Recommendations:** +3. 
**Current State:** + - ⚠️ Protection relies solely on: + - Physical security of hosting provider's data center + - Network perimeter security + - Access controls (JWT authentication) + - ❌ No cryptographic protection at disk level for non-E2EE users -- Verify Alfahosting provides encrypted storage at rest -- Document encryption-at-rest status in privacy policy -- Clearly inform users of E2EE trade-offs before enabling +**Recommendations (HIGH PRIORITY):** + +1. **Option A:** Implement LUKS disk encryption (30 min setup, protects all data) +2. **Option B:** Make E2EE mandatory (removes user choice but maximizes security) +3. **Option C:** Make E2EE default opt-out instead of opt-in +4. **Required:** Update privacy policy to transparently disclose encryption status +5. **Required:** Document this risk in compliance documentation --- @@ -394,6 +414,7 @@ Super Productivity's Super Sync implementation demonstrates strong privacy-by-de | Risk | Impact | Likelihood | Priority | Status | Mitigation | | ----------------------------------------------- | ------ | ---------- | -------- | -------------- | ---------------------------------------------------------------------------------------- | +| **Unencrypted data at rest for non-E2EE users** | High | Low | **HIGH** | ⚠️ Open | Implement LUKS disk encryption OR make E2EE mandatory (see updated plan) | | **Data breach without detection** | High | Low | **HIGH** | ⚠️ Open | Implement automated breach detection, audit logging, incident response plan (see TODO 3) | | **72-hour breach notification deadline missed** | High | Low | **HIGH** | ⚠️ Open | Create incident response playbook, test annually (see TODO 3) | | **Encryption-at-rest not verified** | Medium | Low | **HIGH** | ⚠️ Needs Check | Verify with Alfahosting (see TODO 1) | 
@@ -564,6 +585,7 @@ Super Productivity's Super Sync implementation is **largely GDPR-compliant** wit **Areas for Improvement:** +- ⚠️ **Database encryption at rest** (CRITICAL GAP - see Article 32 above) - ⚠️ Breach detection and incident response procedures - ⚠️ Privacy notice presentation verification (UI audit needed) - ⚠️ Formal compliance documentation (Art. 30 records) @@ -572,7 +594,17 @@ Super Productivity's Super Sync implementation is **largely GDPR-compliant** wit ### Compliance Confidence Level -**92% Confident** - Based on comprehensive code analysis. Remaining 8% uncertainty requires manual verification (see TODO list). +**85% Confident** - Based on comprehensive code analysis. Reduced confidence due to: + +- **Critical gap:** Database encryption at rest NOT implemented (10% deduction) +- Remaining 5% uncertainty requires manual verification (see TODO list) + +**Breakdown:** + +- Code implementation: 90% (down from 98% - missing disk encryption) +- Operational procedures: 70% (requires manual verification) +- Hosting provider security: 70% (no encryption at rest verified) +- Overall: 85% ### Legal Disclaimer diff --git a/packages/super-sync-server/docs/compliance/README.md b/packages/super-sync-server/docs/compliance/README.md index a74b9f32a..4038070b9 100644 --- a/packages/super-sync-server/docs/compliance/README.md +++ b/packages/super-sync-server/docs/compliance/README.md 
@@ -1,14 +1,14 @@ # GDPR Compliance Documentation - Super Productivity Sync **Last Updated:** 2026-01-22 -**Status:** Implementation Complete - Manual Verification Required -**Compliance Level:** 92% (8% pending manual verification) +**Status:** Implementation Complete - Encryption Gap Identified - Manual Verification Required +**Compliance Level:** 85% (10% encryption gap + 5% pending manual verification) --- ## Overview -This directory contains all GDPR compliance documentation for Super Productivity Sync. The compliance analysis shows the service is **highly compliant** with minor operational gaps. +This directory contains all GDPR compliance documentation for Super Productivity Sync. The compliance analysis shows the service is **largely compliant** with one critical gap: **database encryption at rest is NOT implemented** for users who don't enable E2EE. Additional minor operational gaps remain. --- @@ -46,9 +46,9 @@ This directory contains all GDPR compliance documentation for Super Productivity ## Quick Status Summary -### ✅ What's Compliant (92%) +### ✅ What's Compliant (85%) -**Technical Implementation (98%):** +**Technical Implementation (90%):** - ✅ E2EE warning shown in app UI - ✅ ToS/Privacy checkbox during registration (required) @@ -56,7 +56,10 @@ This directory contains all GDPR compliance documentation for Super Productivity - ✅ Account deletion is immediate (better than policy states) - ✅ German privacy policy exists (authoritative version) - ✅ English translation available -- ✅ Strong encryption (HTTPS/TLS, bcrypt, optional E2EE) +- ✅ Encryption in transit (HTTPS/TLS) +- ✅ Password hashing (bcrypt, 12 rounds) +- ✅ Optional E2EE (not enabled by default) +- ❌ **Database encryption at rest: NOT IMPLEMENTED** - ✅ Data minimization (no tracking/analytics) - ✅ Automatic data cleanup (45 days for operations) - ✅ German hosting with Data Processing Agreement 
@@ -71,7 +74,15 @@ This directory contains all GDPR compliance documentation for Super Productivity - ✅ Data subject request procedures established - ✅ Alfahosting verification checklist prepared -### ⚠️ What Needs Manual Verification (8%) +### ❌ Critical Gap Identified (10% deduction) + +| Item | Priority | Impact | Mitigation Required | +| ------------------------------- | -------- | ----------------------------------------------------------------------- | ---------------------------------------------------------------- | +| **Database encryption at rest** | 🔴 High | Users without E2EE have unencrypted data on disk | Implement LUKS disk encryption OR make E2EE mandatory | +| **Physical security reliance** | 🔴 High | Protection relies solely on hosting provider's physical access controls | Document risk, consider implementing disk encryption immediately | +| **Server compromise risk** | 🔴 High | Disk theft or server breach would expose unencrypted data | Privacy policy updated to disclose risk transparently | + +### ⚠️ What Needs Manual Verification (5%) | Item | Priority | Action Required | Estimated Time | | ---------------------- | --------- | ----------------------------------------------- | -------------- | 
@@ -266,18 +277,24 @@ This directory contains all GDPR compliance documentation for Super Productivity ### Weaknesses (What Needs Work) -1. **Breach Detection:** +1. **🔴 CRITICAL: Database Encryption at Rest NOT IMPLEMENTED** + - PostgreSQL data files stored unencrypted on disk + - Users who don't enable E2EE have unencrypted data at rest + - Risk: Physical disk theft or server compromise would expose data + - Recommendation: Implement LUKS disk encryption OR make E2EE mandatory + +2. **Breach Detection:** - No automated security monitoring - Limited audit logging - Recommendation: Implement IDS and enhanced logging -2. **Operational Documentation:** +3. **Operational Documentation:** - No formal incident response testing (yet) - No data subject request log (yet) - Recommendation: Set up processes and test them -3. **Infrastructure Verification:** - - Encryption at rest not confirmed +4. **Infrastructure Verification:** + - Encryption at rest not confirmed with Alfahosting - Backup procedures not documented - Recommendation: Complete Alfahosting verification checklist 
@@ -285,19 +302,19 @@ This directory contains all GDPR compliance documentation for Super Productivity ## Compliance Confidence Breakdown -| Area | Confidence | Justification | -| -------------------------- | ---------- | --------------------------------------------------------------------- | -| **Code Implementation** | 98% | Verified through code review, minor discrepancy found (45 vs 90 days) | -| **Documentation** | 100% | All required documents created | -| **Hosting Security** | 70% | Need Alfahosting verification (encryption, AVV, backups) | -| **Operational Procedures** | 80% | Procedures documented but not yet tested | -| **Overall Compliance** | **92%** | 8% uncertainty from pending manual verifications | +| Area | Confidence | Justification | +| -------------------------- | ---------- | ------------------------------------------------------------------------- | +| **Code Implementation** | 90% | Critical gap: Database encryption at rest NOT implemented (10% deduction) | +| **Documentation** | 100% | All required documents created and updated with encryption disclosure | +| **Hosting Security** | 60% | Need Alfahosting verification + no encryption at rest confirmed (lowered) | +| **Operational Procedures** | 80% | Procedures documented but not yet tested | +| **Overall Compliance** | **85%** | 10% encryption gap + 5% uncertainty from pending manual verifications | -**Remaining Uncertainty:** +**Compliance Gap Breakdown:** -- 5% - Alfahosting infrastructure verification -- 2% - Operational procedure testing -- 1% - Privacy policy discrepancy correction +- 10% - Database encryption at rest NOT implemented (CRITICAL) +- 3% - Alfahosting infrastructure verification pending +- 2% - Operational procedure testing pending --- 
@@ -405,10 +422,11 @@ _For questions about this documentation, contact Johannes Millan (contact@super- **Status Summary:** -- ✅ Compliance analysis: Complete +- ✅ Compliance analysis: Complete (updated with encryption findings) - ✅ Code verification: Complete (3/3 items verified) - ✅ Operational documents: Complete (6/6 created) +- ❌ **CRITICAL GAP:** Database encryption at rest NOT implemented - ⚠️ Manual verification: Pending (4 items) - ⏳ Testing: Not yet started -**Overall:** 92% Complete - Ready for manual verification and testing phase. +**Overall:** 85% Complete - Critical encryption gap identified. Privacy policy updated to disclose risk transparently. Ready for manual verification and encryption implementation decision. diff --git a/packages/super-sync-server/docs/compliance/RECORDS-OF-PROCESSING-ACTIVITIES.md b/packages/super-sync-server/docs/compliance/RECORDS-OF-PROCESSING-ACTIVITIES.md index 91f519c79..91b11e19c 100644 --- a/packages/super-sync-server/docs/compliance/RECORDS-OF-PROCESSING-ACTIVITIES.md +++ b/packages/super-sync-server/docs/compliance/RECORDS-OF-PROCESSING-ACTIVITIES.md @@ -166,9 +166,15 @@ Personal Productivity Data Synchronization Across Devices **At Rest:** -- Optional end-to-end encryption (E2EE) with client-side key management -- Password-protected encryption keys (user chooses encryption password) -- [To verify: Database encryption at rest via Alfahosting] +- ❌ **Database files: NOT ENCRYPTED** (stored in plaintext on disk) +- ❌ No LUKS disk encryption configured +- ❌ No pgcrypto column-level encryption +- ✅ **Compensating control:** Optional client-side E2EE available + - When enabled: Zero-knowledge encryption (AES-256) + - User chooses encryption password + - Server cannot decrypt E2EE data +- ⚠️ **Risk:** Users who don't enable E2EE have unencrypted data at rest +- **Recommendation:** Implement LUKS disk encryption OR make E2EE mandatory **Data Integrity:** 
diff --git a/packages/super-sync-server/privacy-policy-en.md b/packages/super-sync-server/privacy-policy-en.md index 43ffe6706..7ad548c53 100644 --- a/packages/super-sync-server/privacy-policy-en.md +++ b/packages/super-sync-server/privacy-policy-en.md @@ -49,6 +49,22 @@ Technically necessary when accessing the server: - Operating system - Error and diagnostic information +### 3a. Data Security and Encryption + +**Encryption in Transit:** +All data transmissions between your app and our server use HTTPS/TLS encryption. + +**Encryption at Rest:** + +- **Optionally Available:** You can enable End-to-End Encryption (E2EE) in sync settings +- **When E2EE is enabled:** Your data is encrypted on your device before being sent to our server. We have no access to your encryption keys and cannot decrypt your data. +- **When E2EE is NOT enabled:** Your sync data is stored unencrypted in our database. We strongly recommend enabling E2EE for sensitive data. + +**Important Notice:** Without E2EE, your data is protected only by physical and technical access controls on our server, not by encryption at rest. In case of server compromise or physical access to storage media, your data could be accessed. + +**Password Security:** +Your password is never stored in plaintext. We use bcrypt hashing (12 rounds) for secure password storage. + ## 4. Legal Basis for Processing We process your data based on the following legal bases: 
@@ -87,14 +103,32 @@ Processing takes place exclusively on servers in Germany. **(2) Data Processing Agreement** We have concluded a Data Processing Agreement (DPA) with Alfahosting GmbH in accordance with Art. 28 GDPR. Alfahosting processes your data only according to our instructions and not for its own purposes. No transfer to a third country takes place via the hoster. -## 6. Data Processing during Synchronization +## 6. Technical and Organizational Measures (Art. 32 GDPR) -This is the core of our Service. We distinguish between two security levels: +We implement the following security measures: + +**Access Security:** + +- HTTPS/TLS encryption for all data transmissions +- JWT-based authentication with token versioning +- bcrypt password hashing (12 rounds) +- Rate limiting and account lockout after failed login attempts +- Email verification before account activation + +**Encryption:** + +- **In Transit:** Full HTTPS/TLS encryption +- **At Rest:** Optionally available End-to-End Encryption (E2EE) + - ⚠️ **IMPORTANT:** E2EE is not enabled by default + - ⚠️ Without E2EE, data is stored unencrypted in the database + - ✅ **Recommendation:** Enable E2EE for maximum protection + +**Data Processing during Synchronization:** **A) Standard Synchronization (without E2EE)** - Your content data is transmitted via TLS/SSL transport encryption. -- It is stored in our database on the server. No end-to-end encryption is used here. +- On the server, it is stored **unencrypted** in our PostgreSQL database. - Access by the Provider is technically possible in principle but occurs exclusively if mandatorily required for maintenance, diagnosis, or defense against technical disturbances. **B) End-to-End Encryption (E2EE – optional)** 
@@ -105,6 +139,23 @@ If you enable E2EE in the app: - We have **no access** to your keys and cannot restore, decrypt, or view the data. - Loss of the key results in permanent data loss. +**Data Minimization:** + +- Minimal data collection (only required for sync functionality) +- No analytics tools or tracking +- Automatic deletion of old sync operations (45 days) + +**Availability and Resilience:** + +- Regular backups (you manage your own backups) +- Monitoring and error logging + +**Limitations:** + +- No encryption of database files at disk level +- Protection relies on hosting provider's physical security measures +- In case of server compromise, unencrypted data (without E2EE) could be accessed + ## 7. Email Sending We send exclusively transactional emails (e.g., password reset, email address confirmation, security-relevant system messages). Data processing is carried out based on Art. 6(1)(b) GDPR (Performance of Contract). diff --git a/packages/super-sync-server/privacy-policy.md b/packages/super-sync-server/privacy-policy.md index a28f90373..8614112fe 100644 --- a/packages/super-sync-server/privacy-policy.md +++ b/packages/super-sync-server/privacy-policy.md 
@@ -47,6 +47,22 @@ Technisch bedingt beim Zugriff auf den Server: - Betriebssystem - Fehler- und Diagnoseinformationen +### 3a. Datensicherheit und Verschlüsselung + +**Verschlüsselung während der Übertragung:** +Alle Datenübertragungen zwischen Ihrer App und unserem Server erfolgen über HTTPS/TLS-Verschlüsselung. + +**Verschlüsselung im Ruhezustand:** + +- **Optional verfügbar:** Sie können End-to-End-Verschlüsselung (E2EE) in den Sync-Einstellungen aktivieren +- **Wenn E2EE aktiviert:** Ihre Daten werden auf Ihrem Gerät verschlüsselt, bevor sie an unseren Server gesendet werden. Wir haben keinen Zugriff auf Ihre Verschlüsselungsschlüssel und können Ihre Daten nicht entschlüsseln. +- **Wenn E2EE nicht aktiviert:** Ihre Synchronisationsdaten werden unverschlüsselt in unserer Datenbank gespeichert. Wir empfehlen dringend die Aktivierung von E2EE für sensible Daten. + +**Wichtiger Hinweis:** Ohne E2EE sind Ihre Daten nur durch physische und technische Zugriffskontrollen auf unserem Server geschützt, nicht jedoch durch Verschlüsselung im Ruhezustand. Bei einem Server-Kompromiss oder physischen Zugriff auf die Speichermedien könnten Ihre Daten eingesehen werden. + +**Passwortsicherheit:** +Ihr Passwort wird niemals im Klartext gespeichert. Wir verwenden bcrypt-Hashing (12 Runden) zur sicheren Speicherung Ihres Passworts. + ## 4. Rechtsgrundlagen der Verarbeitung Wir verarbeiten Ihre Daten auf Basis der folgenden Rechtsgrundlagen: 
@@ -85,24 +101,59 @@ Die Verarbeitung erfolgt ausschließlich auf Servern in Deutschland. **(2) Auftragsverarbeitung** Mit der Alfahosting GmbH besteht ein Vertrag zur Auftragsverarbeitung (AVV) gemäß Art. 28 DSGVO. Alfahosting verarbeitet Ihre Daten nur nach unserer Weisung und nicht zu eigenen Zwecken. Eine Übermittlung in ein Drittland findet durch den Hoster nicht statt. -## 6. Datenverarbeitung bei der Synchronisation +## 6. Technische und organisatorische Maßnahmen (Art. 32 DSGVO) -Dies ist der Kern unseres Dienstes. Wir unterscheiden hierbei zwei Sicherheitsstufen: +Wir setzen folgende Sicherheitsmaßnahmen ein: + +**Zugriffssicherheit:** + +- HTTPS/TLS-Verschlüsselung für alle Datenübertragungen +- JWT-basierte Authentifizierung mit Token-Versionierung +- bcrypt Passwort-Hashing (12 Runden) +- Rate-Limiting und Konto-Sperrung nach fehlgeschlagenen Login-Versuchen +- E-Mail-Verifizierung vor Kontoaktivierung + +**Verschlüsselung:** + +- **Übertragung:** Vollständige HTTPS/TLS-Verschlüsselung +- **Im Ruhezustand:** Optional verfügbare End-to-End-Verschlüsselung (E2EE) + - ⚠️ **WICHTIG:** E2EE ist nicht standardmäßig aktiviert + - ⚠️ Ohne E2EE werden Daten unverschlüsselt in der Datenbank gespeichert + - ✅ **Empfehlung:** Aktivieren Sie E2EE für maximalen Schutz + +**Datenverarbeitung bei der Synchronisation:** **A) Standard-Synchronisation (ohne E2EE)** - Ihre Inhaltsdaten werden über TLS/SSL transportverschlüsselt übertragen. -- Auf dem Server werden sie in unserer Datenbank gespeichert. Hierbei kommt keine Ende-zu-Ende-Verschlüsselung zum Einsatz. +- Auf dem Server werden sie **unverschlüsselt** in unserer PostgreSQL-Datenbank gespeichert. - Ein Zugriff durch den Anbieter ist technisch grundsätzlich möglich, erfolgt jedoch ausschließlich, wenn dies zur Wartung, Diagnose oder Abwehr technischer Störungen zwingend erforderlich ist. 
**B) Ende-zu-Ende-Verschlüsselung (E2EE – optional)** Wenn Sie E2EE in der App aktivieren: - Ihre Daten werden bereits lokal auf Ihrem Gerät verschlüsselt. -- Der Server speichert ausschließlich verschlüsselte Datenblöcke („Blobs“). +- Der Server speichert ausschließlich verschlüsselte Datenblöcke („Blobs"). - Wir haben **keinen Zugriff** auf Ihre Schlüssel und können die Daten nicht wiederherstellen, entschlüsseln oder einsehen. - Ein Verlust des Schlüssels führt zum endgültigen Datenverlust. +**Datensparsamkeit:** + +- Minimale Datenerfassung (nur für Sync-Funktionalität erforderlich) +- Keine Analyse-Tools oder Tracking +- Automatische Löschung alter Synchronisationsoperationen (45 Tage) + +**Verfügbarkeit und Belastbarkeit:** + +- Regelmäßige Backups (Sie verwalten Ihre eigenen Backups) +- Monitoring und Fehlerprotokollierung + +**Einschränkungen:** + +- Keine Verschlüsselung der Datenbankdateien auf Festplattenebene +- Schutz basiert auf physischen Sicherheitsmaßnahmen des Hostinganbieters +- Bei Server-Kompromiss könnten unverschlüsselte Daten (ohne E2EE) eingesehen werden + ## 7. E-Mail-Versand Wir versenden ausschließlich transaktionale E-Mails (z. B. Passwort-Reset, Bestätigung der E-Mail-Adresse, sicherheitsrelevante Systemnachrichten). Die Datenverarbeitung erfolgt auf Grundlage von Art. 6 Abs. 1 lit. b DSGVO (Vertragserfüllung).
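Review bot: In the ALFAHOSTING-RESPONSE-TRACKER hunk (@@ -82,6), the sentence "Application-level encryption (LUKS, pgcrypto) would be needed for full protection" miscategorises LUKS: LUKS is block-device (disk) encryption handled by the OS, not something the application implements, while pgcrypto is column-level encryption inside PostgreSQL. It also contradicts the preceding sentence, which says the application does not implement encryption. Suggest "Disk-level (LUKS) or column-level (pgcrypto) encryption would be needed for protection beyond what the hoster's storage layer provides." The two options also defend against different things, so it would help to say which threat each covers.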
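Review bot: In the GDPR-COMPLIANCE-ANALYSIS hunk at @@ -158,7, "NOT IMPLEMENTED" together with "No LUKS disk encryption" is stated as a confirmed fact, but the same patch leaves the tracker at "Status: ⏳ Awaiting Response" and keeps the risk-table row "Encryption-at-rest not verified | Needs Check | Verify with Alfahosting (see TODO 1)". A code review can confirm that the application and schema do no encryption (no pgcrypto, no application-layer crypto); it cannot confirm whether the hoster's volumes are encrypted. Suggest scoping the bullet to "No application- or database-level encryption at rest; infrastructure-level disk encryption pending Alfahosting response (TODO 1)" so the finding matches what was actually verified.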
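Review bot: In the GDPR-COMPLIANCE-ANALYSIS hunk at @@ -364,27, "Option A: Implement LUKS disk encryption (30 min setup, protects all data)" overstates what LUKS gives: it protects data on the media when the volume is offline (disk theft, decommissioned drives, hoster-side media handling), but on a running server the volume is unlocked and a compromised host or database account reads plaintext. Since the same hunk lists "server compromise" as the risk, the recommendation should say LUKS addresses the physical-media part and only E2EE addresses the server-compromise part. The hunk also drops the two E2EE availability caveats ("Server-side restore unavailable with E2EE", "Encrypted operations cannot be replayed for snapshots"); those are Art. 32(1)(b) availability considerations and belong in the analysis rather than being removed when the section was retitled.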
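Review bot: In the risk-table hunk at @@ -394,6 the new row "Unencrypted data at rest for non-E2EE users | ... | ⚠️ Open" sits directly above the retained row "Encryption-at-rest not verified | ... | ⚠️ Needs Check", and the two rows give contradictory statuses for the same risk. Either merge them or make the split explicit: one row for the confirmed absence of application-level encryption (Open) and one for infrastructure-level encryption (Needs Check, TODO 1), so a reader does not see the item as both confirmed and unverified.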
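Review bot: In the README hunk at @@ -71,7 the three 🔴 High rows ("Database encryption at rest", "Physical security reliance", "Server compromise risk") describe a single root cause and its two consequences, so the table counts one gap three times; the first row's mitigation already covers the other two. The mitigation cell "Privacy policy updated to disclose risk transparently" is a transparency obligation, not a mitigation of the technical risk, and should be listed separately from the control (disk or column encryption, or mandatory E2EE). Suggest collapsing to one row with the consequences in the Impact cell and the disclosure as a separate "Required" item.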
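Review bot: The README confidence table at @@ -285,19 disagrees with the GDPR-COMPLIANCE-ANALYSIS numbers changed in this same patch: the table has "Hosting Security | 60%" and "Operational Procedures | 80%", while the analysis has "Hosting Security: 70%" (@@ -31,23) and "Operational procedures: 70%" and "Hosting provider security: 70%" (@@ -572,7). Both documents reach the same 85% overall, so at least one breakdown is wrong. Pick one set of figures and apply it in both files, or derive the README table from the analysis so they cannot drift.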
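Review bot: In the RECORDS-OF-PROCESSING-ACTIVITIES hunk at @@ -166,9, "When enabled: Zero-knowledge encryption (AES-256)" introduces an algorithm claim that appears nowhere else in the patch or the other compliance documents; a record of processing is a document a supervisory authority may ask for, so the cipher and mode should be taken from the client implementation and cited, not asserted. The hunk also deletes the marker "[To verify: Database encryption at rest via Alfahosting]" while the tracker still shows that verification as awaiting a response; keep the open item (or reference TODO 1) rather than replacing it with an unqualified "NOT ENCRYPTED".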
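Review bot: In the privacy-policy-en hunk at @@ -49,6 the new section 3a repeats nearly verbatim what the second hunk (@@ -87,14) adds under "## 6. Technical and Organizational Measures" (transit encryption, E2EE optional, unencrypted without E2EE, bcrypt 12 rounds). Two copies of the encryption statement in one policy will drift; keep the user-facing summary in 3a and have section 6 reference it, or the reverse. Minor wording point: bcrypt's "12 rounds" is its cost factor (2^12 key-expansion iterations); "cost factor 12" is the more accurate term if the policy is meant to be precise.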
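Review bot: In the privacy-policy-en hunk at @@ -105,6 the "Availability and Resilience" bullets conflict with the rest of the patch. "Regular backups (you manage your own backups)" reads as both a provider measure and a user responsibility; say plainly who backs up what, and note the README hunk in this same patch still lists "Backup procedures not documented". "Monitoring and error logging" is presented as a security measure while the README hunk at @@ -266,18 says "No automated security monitoring" and "Limited audit logging"; a privacy policy should not claim a control the internal assessment records as absent. Suggest "Application error logging" unless monitoring is actually in place, and the same correction in the German hunk at @@ -85,24 ("Monitoring und Fehlerprotokollierung", "Regelmäßige Backups (Sie verwalten Ihre eigenen Backups)").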
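Review bot: In the privacy-policy.md hunk at @@ -85,24 the line change from `„Blobs“` to `„Blobs"` replaces the typographic German closing quote with an ASCII double quote; the original was correct and the new form is a regression unrelated to the encryption changes. Revert that one line (or keep both quotes typographic) so the German policy stays consistent with the rest of its typography.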