headstreamer
Log in

trust & security

Enterprise-grade by design.

headstreamer is built to pass IT security and vendor-onboarding review at regulated organizations.

SOC 2 Type II

Controls for security, availability, confidentiality — audit-ready control set (access control, change management, audit logging, incident response).

GDPR

Data portability (export) and erasure endpoints, EU data residency (Frankfurt), DPA available, named sub-processors, purpose-limited processing.

DORA

Operational resilience: audit trail, retention, incident register, tested backups, and third-party/sub-processor risk register for financial-entity vendors.

Sub-processors

VendorPurposeRegion
DigitalOceanCompute hosting (EU / Frankfurt)EU
AnthropicAI model inference (Claude)US
CloudflareCDN, WAF, TLS terminationGlobal
StripePayment processingUS/EU

Data

Region: EU (Frankfurt). Retention — audit 12 months, sessions 30 days, backups 35 days. Customers can export or erase their data at any time (GDPR Art. 20 & 17).

Security contact: [email protected] · security.txt

Built on headstreamer.com. The flow-of-funds brain. · Discover · Pricing · Trust · Developers · Terms · Privacy