SoftBCom processes and stores customer data primarily within the European Union.
Our core infrastructure is hosted in EU-based data centers (e.g. Hetzner Hetzner Online GmbH in Germany), and primary data storage and application-level processing are performed within the EU. All data centers involved are ISO/IEC 27001 certified or equivalent and meet requirements for physical security, power supply, access control, and redundancy.
For specific functionalities, including voice processing, speech recognition, speech synthesis and LLM-based analysis, SoftBCom engages subprocessors. These services may involve the processing of data outside the EU.
Where technically feasible, SoftBCom configures data processing to use EU-based infrastructure and regional endpoints (e.g. for voice processing and downstream services). However, due to the nature of real-time communication routing and distributed cloud services, certain processing activities may occur outside the EU.
In such cases, SoftBCom ensures appropriate safeguards in accordance with the GDPR, including Data Processing Agreements (DPAs), Standard Contractual Clauses (SCCs), and other contractual, technical or organisational measures, where applicable.
SoftBCom applies strict data minimization principles and limits the scope of transmitted data to what is necessary for the provision of the service. Where applicable and technically feasible, data is anonymized or pseudonymized prior to processing by external services.
SoftBCom complies with the requirements of the GDPR, particularly Articles 5, 6, 28, and 32.
Access Controls
Access is granted exclusively for maintenance and service purposes to authorized personnel based on role-based permissions.
IP filters are used.
Automatic session timeouts can be activated if needed.
Encryption
Data is transmitted via TLS 1.2+.
Security-relevant configuration data (e.g., API keys, tokens, access credentials) is encrypted using AES encryption.
Backup & Recovery
Application-specific backups are executed according to predefined backup plans.
Recovery testing is carried out in accordance with the established contingency plan.
Incident Management
Internal processes are in place for the detection, documentation, and evaluation of security incidents.
SoftBCom is committed to reporting relevant incidents to affected customers in accordance with Article 33 of the GDPR.
Penetration Testing & Technical Assessments
Internal security reviews are conducted prior to each major release or project-specific deployment.
External penetration tests by independent IT partners can be arranged on request (subject to cost reimbursement).
Data processing is carried out in accordance with the DPA (Data Processing Agreement) and the documented Technical and Organizational Measures (TOM).
BSFZ Seal
We are pleased to announce that SoftBCom Berlin GmbH has been awarded the BSFZ seal by the Bescheinigungsstelle Forschungszulage (BSFZ).
The certification confirms that our R&D activities meet the criteria of §2(1) of the German Research Allowance Act (FZulG) and are eligible for support under Germany’s research tax incentive program.
The certified project focuses on the development of an autonomous, AI-driven system designed for real-time customer service operations.
The BSFZ seal highlights our ongoing commitment to innovation in AI-based service automation.
ISO Compliance Statement
SoftBCom aligns with the core principles of ISO/IEC 27001 and implements them within its internal information security management framework.
Billing & Payment Security
QAWacht uses Stripe Payments Europe, Ltd. as its payment processor.
Stripe is certified under PCI DSS Level 1, the highest international standard for payment security.
All payment data is transmitted via TLS encryption and stored by Stripe using AES-256 encryption.
SoftBCom systems do not process or store raw payment card information; instead, tokenization ensures that only non-sensitive references are used in transactions.
For international data transfers, Stripe relies on the EU Standard Contractual Clauses (SCCs) and the EU–US Data Privacy Framework, ensuring GDPR-compliant handling of customer data.
Web Services & Customer Engagement
The public-facing websites and customer-facing marketing tools of SoftBCom (including webinar registration and lead forms) are operated via HubSpot, Inc..
HubSpot provides ISO 27001 certification, SOC 2 reports, and enforces encryption both in transit (TLS 1.2+) and at rest (AES-256).
Contact data collected via HubSpot is processed in line with the SoftBCom Data Processing Agreement and is subject to the EU Standard Contractual Clauses for transfers outside the EU.
No payment or conversation transcript data is processed within HubSpot.
.jpg?width=120&height=120&name=Untitled%20design%20(21).jpg)
