Stackfield is probably the most secure collaboration platform in the world

We are ready for the stringent requirements of DORA, NIS2, and the Cyber Resilience Act (CRA), making us well-suited for critical infrastructures (KRITIS).

Meets the highest requirements of the GDPR

Data processing only on servers in the EU

Data processing (i.e., storage, disclosure through transmission, use, etc.) occurs exclusively on servers in the EU - unlike competitors, this also includes telemetry data. Data storage takes place in German data centers.

No AWS, Google Cloud or Azure - Stackfield only uses European subcontractors

Stackfield only uses subcontractors, e.g. for hosting or sending emails, which are based in the EU and over which no control can be exercised from outside the EU.

Stackfield is subject only to German and EU law

As a German company, Stackfield is exclusively subject to German and European jurisdiction. This means at the same time that laws from EU third countries, such as the Cloud or Patriot Act from the USA, cannot be enforced.

No use of external tracking tools

Stackfield does not use any external tracking tools, such as Google Analytics or IP address based services - the data collected is processed exclusively by Stackfield.

Automated deletion rules for stored data (as of Q4/2024)

To support our customers' data protection compliance, deletion rules are available from the Premium package onwards to ensure that all deletion deadlines are met without administrative effort.

Stackfield holds the BSI C5 attestation and is certified to multiple ISO standards.

BSI C5: Highest standards in secure cloud computing

The Cloud Computing Compliance Criteria Catalogue (C5) was developed by the Federal Office for Information Security (BSI) and is considered one of the most rigorous IT security standards worldwide. It assesses not only the adequacy but also the effectiveness of the established security requirements.

ISO 27001: Security of all information

The certification shows that Stackfield GmbH has considered the topic of information security in all areas, processes and scenarios, whether customer support or disaster, and has implemented appropriate solutions for any risks.

ISO 27017: Secure processing in the cloud

Addresses information security including guidelines and controls in the cloud. It defines responsibilities, recommendations for encryption, incident response, compliance and transparency to ensure secure cloud usage.

ISO 27018: Protection of personal data

Focuses on the protection of personal data in the cloud. It sets out specific controls and procedures for cloud service providers to ensure user privacy and regulate the handling of personal information in accordance with data protection principles.

Download certificate

Zero-Knowledge Encryption
->We can not access your data!

Due to the real end-to-end encryption all relevant contents are encrypted by AES and RSA algorithms. This way we ensure that no one except you and the people included in a workspace have access to your data.

What data is encrypted in encrypted rooms?

Project Rooms

Status
Notes
Description of cost
positions

Events

Title
Agenda
Location
Comments

Files

File Content
Comments
Comments on marker

Communication

Text messages

Tasks

Title
Description
Subtasks
Description of time entries
Contents of user-defined
text fields, number fields
and text boxes
Comments

Pages

Title
Description
Comments

Discussions

Title
Description
Polling options
Comments

Whiteboards

Title
Content
Comments

Snippets

Title
Code
Comments

How does the encryption work?

Our end-to-end encryption protects data using a unique combination of AES and RSA algorithms. AES encryption comes with a 256-bit key length, while RSA encryption uses a 2048-bit key length. The encryption and decryption of the data takes place in the user's browser. In this way, we ensure that unauthorized parties can neither decrypt nor view the data - not even Stackfield being the software provider can do that. In other words, all relevant data is transferred securely encrypted to our servers where it stays encrypted all in rest.

Step 3 End-to-End EncryptionRSA-2048 & AES-256 Our end-to-end encryption protects data using a unique combination of AES and RSA algorithms. AES encryption comes with a 256-bit key length, while RSA encryption uses a 2048-bit key length. The encryption and decryption of the data takes place in the user's browser. In this way, we ensure that unauthorized parties can neither decrypt nor view the data - not even Stackfield being the software provider can do that. In other words, all relevant data is transferred securely encrypted to our servers where it stays encrypted all in rest. Each data room is separately encrypted with an automatically generated password. Users do not need to remember these passwords to access data in their data rooms. A user receives the password after becoming a room member. Henceforth, the synchronization takes place automatically in the background.

Tips and tricks: How do I create an end-to-end encrypted room?

Want to learn more about end-to-end encryption?

Download Whitepaper

Supporting Security Features

Highest SSL-Standards

All data is transferred between your device and our servers using 256-bit AES SSL/TLS encryption.

Offsite Backups

Automatic offsite backups prevent data loss in states of disaster due to theft, virus attack, hardware failure, or natural disaster.

ISO 27001 certified data centers

All data centers used are ISO 27001 certified and have redundant data storage.

Data Processing Agreement

You can conclude the agreement required due to the GDPR with a few clicks.

Penetration Testing

Stackfield regularly conducts penetration tests to protect the platform from attacks and security breaches.

Employees trained in Data Protection

Stackfield's employees receive special training on data privacy and security.

Certified Mobile Apps

Stackfields mobile apps have been tested and certified as Trusted App by APPVISORY.

Redundancy of the systems

The data of our users is stored multiple times mirrored, to ensure that it won’t be lost even in case of hardware failures.

Enforced two-factor authentication

To additionally protect the data, you can define centrally that access is only possible with active two-factor authentication.

Single Sign-on

For ease of use you can use the single sign-on for Stackfield, which automates user management.

User Provisioning via API

Adding and editing of users can be done using the API of Stackfield.

Reporting on Employee Logins

The reporting feature shows when employees last logged in to Stackfield.

Reporting about changes of the organization settings

To track changes of an organization's settings, they are collected and displayed in a report.

Export of all personal data

All users are able to create an export of the respective personal data uploaded to Stackfield.

Export of organization data for administrators

The selected options of the organization settings can be downloaded and saved by the administrators.

Access restrictions by IP addresses

Access to the data of an organization can be limited to certain IP addresses by using the IP white list.

Login notifications when using unknown device

As soon as a login on an unknown device takes place, users receive an e-mail notification directly.

Access log for each account

Each user can track exactly on which devices and via which IP addresses an access to their own account has taken place.

Password Policies

Precise rules on the strength and frequency of changing the password provide a high level of protection against unauthorized access.

Compliance rules for each organization

Within an organization and the rooms, it is possible to determine who is entitled to which in-person access or to make changes.

Service level agreements regarding availability

Stackfield is focussed on a high availability of the platform and assures it through a service level agreement.