Data protection and data security
at rooom
Your data deserves the highest level of protection. At rooom, we rely on first-class security standards and transparent processes.
Our Promise: Security as the Foundation
At rooom, the protection of your data is not just a central focus—it is the foundation of our entire platform. We understand that trust in the digital world is built on consistent security measures and absolute transparency.
Our platform not only meets the highest international security standards but exceeds them in many areas. From initial data collection to final storage, all information passes through multiple layers of security that are continuously monitored and optimized.
Data protection and compliance are never an afterthought for us; they are an integral part of every development decision. Your business data, customer data, and sensitive information are in safe hands—guaranteed by state-of-the-art technology and rigorous processes.
Open Telekom Cloud
We rely primarily on the Open Telekom Cloud and German data centers to operate our platform. This underscores our commitment to safeguarding your data in strict compliance with the GDPR and with a clear focus on the European legal jurisdiction.
ISO 27001 Certified
The data centers are ISO 27001 certified, thereby meeting the highest international standards for Information Security Management Systems. Regular audits ensure continuous compliance.
100% Green Energy
We are committed to ecological responsibility: By choosing the Open Telekom Cloud as our primary hosting partner, we ensure that our core systems are powered by 100% green energy. This significantly reduces our platform's carbon footprint.
GDPR Compliance as a Matter of Course
Data protection under European law is not just a legal obligation for us; it is a fundamental principle of our operations. Our platform is designed to be fully GDPR-compliant, enabling you to use it with legal certainty and without compromise.
We have integrated all requirements of the General Data Protection Regulation (GDPR) into our system architecture. From data minimization and purpose limitation to comprehensive data subject rights—every aspect has been carefully implemented and is continuously reviewed.
Our Privacy Policy is transparent and easy to understand. It explains exactly which data we collect, how we process it, and what rights you have as a user. If you have any questions, our Data Protection Officer is available to assist you at any time.
Information Security in Accordance
with ISO 27001
We operate consistently in accordance with the guidelines of the international ISO 27001 standard and implement comprehensive, multi-layered measures to protect your data. Our Information Security Management System (ISMS) is continuously developed and adapted to address new threat scenarios.
Comprehensive Encryption
We protect your data at every stage: Transmission takes place via encrypted connections (TLS 1.2/1.3). Your data at rest is encrypted using the highly secure AES-256 standard—a level of security trusted by banks.
Multi-Level Access Controls
Strict authentication procedures protect against unauthorized access. Multi-factor authentication (MFA), role-based access rights, and regular access reviews guarantee maximum security.
24/7 Security Monitoring
Our systems are monitored around the clock. Automated alarm systems and AI-powered anomaly detection ensure the early identification and defense against security risks.
Additional Security Measures
Regular Penetration Tests
Independent security experts regularly conduct comprehensive penetration tests to identify potential vulnerabilities before they become a problem.
Backup and Disaster Recovery
Automated, geo-redundant backups (within the chosen jurisdiction) ensure that your data remains available even in the event of an emergency. Our Disaster Recovery Plan guarantees minimal downtime.
Employee Training
All employees undergo regular training on data protection and information security. At rooom, security awareness is an integral part of our corporate culture.
Incident Response Team
Our specialized team responds immediately to security incidents. Clear escalation paths and established processes guarantee rapid and effective action.
Global Availability with Regional Adaptation
Content Delivery Network (CDN)
Thanks to our globally distributed Content Delivery Network (CDN), static content (such as 3D models or textures) is cached to guarantee fast loading times worldwide.
Your sensitive personal database information remains secure on our main servers within the chosen jurisdiction (e.g., Germany), while only visual assets are distributed to optimize performance.
Regional Server Instances
For customers outside the European Union—such as those in the USA, Canada, or Asia—we offer dedicated regional server instances. This enables us to fully comply with local data protection requirements and regulatory standards.
You decide where your data is stored. Do you want to keep your data within the EU? No problem. Do you need local hosting in the USA? That is also possible. Your compliance requirements are our top priority.
Your Control Over Your Data
Transparency and control are fundamental principles of our platform. You retain full control over your data at all times and can easily exercise all your GDPR rights.
Complete Transparency
Clear insight into the processing of your data. Our dashboard shows you at any time which data is stored and how it is being used. No hidden processes, no surprises.
Highest Data Security
Strict authentication procedures protect against unauthorized access. Multi-factor authentication (MFA), role-based access rights, and regular security audits guarantee the protection of your account.
Consistent Data Minimization
We exclusively collect data that is technically necessary for the use of our services. Data minimization is a principle, not a bargaining chip. Less data means less risk.
Individual Privacy
You decide who sees your data and rooms. With granular privacy settings, you always maintain control over whether your content is visible to the public, selected groups, or only to yourself.
