trust & security
headstreamer is built to pass IT security and vendor-onboarding review at regulated organizations.
Controls for security, availability, confidentiality — audit-ready control set (access control, change management, audit logging, incident response).
Data portability (export) and erasure endpoints, EU data residency (Frankfurt), DPA available, named sub-processors, purpose-limited processing.
Operational resilience: audit trail, retention, incident register, tested backups, and third-party/sub-processor risk register for financial-entity vendors.
| Vendor | Purpose | Region |
|---|---|---|
| DigitalOcean | Compute hosting (EU / Frankfurt) | EU |
| Anthropic | AI model inference (Claude) | US |
| Cloudflare | CDN, WAF, TLS termination | Global |
| Stripe | Payment processing | US/EU |
Region: EU (Frankfurt). Retention — audit 12 months, sessions 30 days, backups 35 days. Customers can export or erase their data at any time (GDPR Art. 20 & 17).
Security contact: [email protected] · security.txt