Trust Center

openProd.io is committed to security, privacy, and regulatory compliance. We implement industry-standard technical and organizational measures to protect your data and meet enterprise requirements.

Data Protection

We process personal data in compliance with the General Data Protection Regulation (GDPR). As a company based in the EU (Poland), we apply European data protection standards by default to all users regardless of location.

Data processing is governed by our Privacy Policy
We maintain records of processing activities as required by Art. 30 GDPR
We have appointed an internal data protection point of contact

Infrastructure Security

Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
Access Control: Role-based access with least-privilege principles
Monitoring: Continuous infrastructure monitoring and alerting
Backups: Automated, encrypted backups with tested recovery procedures

Application Security

Secure software development lifecycle (SSDLC)
Regular dependency audits and vulnerability scanning
Input validation and output encoding to prevent injection attacks
Authentication with industry-standard protocols

Compliance

Framework	Status
GDPR (EU General Data Protection Regulation)	Compliant
DPP (Digital Product Passport)	Ready
GPSR (General Product Safety Regulation)	Supported
SOC 2 Type II	In Progress

Vendor Management

We carefully vet all third-party services and ensure they meet our security and privacy requirements. All vendors with access to personal data operate under Data Processing Agreements (DPAs) with Standard Contractual Clauses (SCCs) where applicable.

Incident Response

We maintain an incident response plan that includes:

Defined escalation procedures
Notification to affected parties within 72 hours as required by GDPR
Post-incident review and remediation

Contact

For security inquiries, compliance questions, or to report a vulnerability:

Lemonmind sp. z o.o. ul. Azymutalna 9, 80-298 Gdansk, Poland Email: hello@openprod.io