Honesty is one of our three core values. And saying we are honest is one thing, but doing it is another. On this page we therefore will do what we say we do. And that is transparency and honesty.

Security & Privacy

Security and privacy come first, that’s what we say we do. That means that we have to do this ourselves too. Below you will find an overview of security tests and our explanation thereof. Of course we have applied the suggestions for improvement from all test sites where technically possible.


Security Rating

Our partner SecurityScorecard gives us the excellent rating A on our entire public digital footprint. We score an A in the area of Network Security, DNS Health, Patch management, IP Reputation, and Application Security..

The security rating from SecurityScorecard can be viewed here, or downloaded here.

Doing business with us means a 5 times smaller chance of a breach or data breach than with organizations that score C or lower!

Secure email traffic

Secure email traffic is very important. That’s why we do everything we can to keep our email traffic with all our customers and suppliers secure. We have therefore achieved the highest possible score for us. gives our email environment a score of 97%.

Secure connection

A secure website starts with a secure connection between your browser and our website. That is why we are putting everything in place to take all the security measures that we can. therefore gives our website a score of 97%.

Secure website

We have also taken the necessary steps regarding the configuration of our web servers. Not only the website and connection must be secure, but also the platform on which it runs.

ImmuniWeb therefore gives our website a score of A+.

Robust encryption

We use a strong and modern encryption standard on our website and services. This means that the connection between your computer and our server is encrypted and protected in a robust manner. This way we prevent data from leaking.

Qualys SSL Labs therefore gives our website a score of an A+.

Encryption guaranteed

We comply with the so-called HSTS preload status. With this, web browsers know that our website should always be visited via HTTPS (encryption). So when someone tries to breaks into your connection, the traffic cannot be diverted.

HSTS preload therefore indicates that our status for HSTS preload is allowed .

Secure headers

Our website has a set of well-configured Security Headers. This means that the webbrowser can take specific security measures to ensure that our website cannot be misused to mislead you.

Security Headers therefore gives our website a score of an A.

Privacy protection and legal requests

Security is of course one thing, but privacy, the protection thereof and legal requests are also part of that. Please see our Privacy Statement for more information about what we do for you to protect your privacy.

Responsible Disclosures

Ethical hackers make a great contribution to the digital security of our society. In addition to having a procedure so that we can report found vulnerabilities, we also state below which valid reports have been made.

Our Hacker's Hall-of-Fame

  • 2021/01/29 – Chan Nyein Wai – Denial of Service vulnerability in load-styles.php – no patch by WordPress; already applied compensating controls in regard to report of 2019/06/03 for CVE-2018-6389.
  • 2020/09/08 – Shebi LeviDenial of Service vulnerability in wp-cron.php – no patch by WordPress; applied compensating controls
  • 2020/04/02 – Gul HameeTabnabbing vulnerability on a set of links – no patch by Divi; removed “_blank” targets from links
  • 2019/08/06 – Mansouri BadisDenial of Service vulnerability in XML-RPC – no patch by WordPress; applied compensating controls
  • 2019/06/03 – Asim – Denial of Service vulnerability in load-scripts.php (CVE-2018-6389– no patch by WordPress; applied compensating controls

Geolocation data processing

We choose our technology suppliers and partners carefully. One of the most important criteria is the storage location of the data we process. We also conclude a Data Processing Agreement if required. If there is a transfer of personal data from the European Economic Area (EEA) to countries or organizations outside the EEA, we will take additional measures, such as concluding Standard Contractual Clauses from the European Commission.

Overview core suppliers

  • We use Amazon Web Services to host our website and our own services. We primarily use the data center in Germany, and as secondary the data center in Ireland.
    Read more about their GDPR policy here.
  • Cloudflare is used to protect our website and our own services from cyber attacks. The nature of the architecture is that the closest edge servers are used. For our Dutch customers this is Amsterdam, for example.
    Read more about their GDPR policy here.
  • Google Suite is our office, collaboration and email environment. We have also set the storage location to the European Union.
    Read more about their GDPR policy here.


There is something else that we find very important. And that is sustainability. With our company we depend on third parties for a sustainable approach. Because our company works entirely in the cloud. We do not have our own servers and other hardware, other than a laptop and a smartphone per employee.

For that reason we provide data or links to sustainability information of our core suppliers for data storage and processing capabilities.

Overview core suppliers

  • Amazon Web Services is committed to run their business in the most environmentally friendly way possible
  • Cloudflare has deployed their architecture in such a way that energy is not wasted as much as possible.
  • Google strives to build sustainability into everything they do.

• • •