Security

Last updated: 9 May 2026 · How we protect your data and listings.

Hosting + data residency

FloorVia infrastructure runs in EU data centres (Hetzner, Falkenstein DE / Helsinki FI). All customer data — accounts, listings, leads, uploads, generated 3D scenes — stays inside the EU. No cross-border transfers.

Encryption

In transitTLS 1.2+ on every public endpoint (Let's Encrypt, auto-renewed). HSTS enforced.
At restPostgreSQL 16 on encrypted block storage (LUKS dm-crypt). Backups encrypted with age before off-site copy.
SecretsStored in 600-perm root-only env files. Never logged. Never committed.
PasswordsNone. Magic-link auth only — no password to leak. JWT cookies, HMAC-SHA256, HTTP-only, Secure, SameSite=Lax.

Access control

Application security

Backups + recovery

Monitoring + incident response

Payments

Card data never reaches FloorVia servers. All payments are processed by Stripe Payments Europe — PCI-DSS Level 1 certified. We store only Stripe customer + subscription IDs.

Vulnerability reports

Found something? Email security@floorvia.com. We acknowledge within 48 h. No bounty programme yet but we credit researchers who follow responsible disclosure.

Questions?

General: hello@floorvia.com
Security: security@floorvia.com
Data Protection: dpo@floorvia.com