Security · Technical architecture · ISO 27001

Securoo's security, explained without omissions.

This page is built for CISOs, DPOs, compliance officers and professionals evaluating Securoo with the rigour it deserves. No vague claims: real architecture, signed decisions, and the reasoning behind every technical choice.

Client-side encryption: AES-256
RSA keys: 4096-bit
Model: Zero-knowledge
Certification: ISO 27001

Zero-knowledge encryption

Keys never pass through our servers.

Encryption happens directly in your browser or mobile app, before any data leaves your device. Securoo cannot decrypt or read your files — not under court order, not in case of a security breach.

Each user has their own keypair

When you activate Securoo, a hash+salt login and a unique RSA 4096-bit keypair are generated. Data stays cryptographically tied to the rightful owner. No one else can access it — not even Securoo.

Mnemonic Recovery Key

When you activate Securoo Business, a mnemonic Recovery Key is generated. It allows recovering access without weakening encryption or surrendering control to third parties. Your data sovereignty stays intact.

  1. The file is split into chunks encrypted locally with random AES-256 keys.
  2. Each AES key is encrypted and signed with your private RSA 4096-bit key.
  3. Only encrypted chunks and encrypted keys reach our servers — never plaintext.
  4. To decrypt, your device uses your private key. Securoo doesn't have it.
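
The four steps above, as an added Node.js example that is not Securoo's code. The page names only AES-256 and RSA 4096-bit; the AES-GCM mode, RSA-OAEP wrapping of each chunk key to the user's public key, RSA-PSS signing with the private key, the chunk index as authenticated data, and all function names are assumptions made for illustration.

```javascript
// Added illustration, not Securoo's code. Assumed: AES-256-GCM per chunk,
// RSA-OAEP (SHA-256) key wrapping, RSA-PSS signatures, chunk index as AAD.
const crypto = require('node:crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const PSS = { padding: crypto.constants.RSA_PKCS1_PSS_PADDING };

function generateUserKeypair(bits = 4096) {
  return crypto.generateKeyPairSync('rsa', { modulusLength: bits });
}

function indexAad(i) {            // binds a chunk to its position in the file
  const aad = Buffer.alloc(4);
  aad.writeUInt32BE(i);
  return aad;
}

// Steps 1-3: runs on the device; the return value is all a server would store.
function encryptFile(plaintext, keys, chunkSize = 64 * 1024) {
  const chunks = [];
  for (let off = 0, i = 0; off < plaintext.length; off += chunkSize, i++) {
    const key = crypto.randomBytes(32);          // fresh random AES-256 key
    const iv = crypto.randomBytes(12);
    const c = crypto.createCipheriv('aes-256-gcm', key, iv).setAAD(indexAad(i));
    const data = Buffer.concat([c.update(plaintext.subarray(off, off + chunkSize)), c.final()]);
    const wrappedKey = crypto.publicEncrypt({ key: keys.publicKey, ...OAEP }, key);
    const signature = crypto.sign('sha256', wrappedKey, { key: keys.privateKey, ...PSS });
    chunks.push({ iv, data, tag: c.getAuthTag(), wrappedKey, signature });
  }
  return chunks;
}

// Step 4: only the holder of the private key can unwrap the chunk keys.
function decryptFile(chunks, keys) {
  return Buffer.concat(chunks.map((ch, i) => {
    if (!crypto.verify('sha256', ch.wrappedKey, { key: keys.publicKey, ...PSS }, ch.signature)) {
      throw new Error(`chunk ${i}: wrapped-key signature invalid`);
    }
    const key = crypto.privateDecrypt({ key: keys.privateKey, ...OAEP }, ch.wrappedKey);
    const d = crypto.createDecipheriv('aes-256-gcm', key, ch.iv)
      .setAAD(indexAad(i)).setAuthTag(ch.tag);
    return Buffer.concat([d.update(ch.data), d.final()]);  // final() throws if tampered or reordered
  }));
}
```

Because the chunk index is authenticated, a storage layer that reorders or swaps chunks causes decryption to fail rather than silently producing a rearranged file.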

100% European infrastructure.

Data sovereignty · ISO 27001

After the Schrems II ruling and the jurisprudence that followed, the use of US-based subprocessors for personal data of EU citizens is legally fragile. Securoo made a structural decision: all infrastructure runs on European soil, with no subprocessors outside the EU. It's not a marketing promise — it's an irreversible engineering choice. ISO 27001 certification validates that security processes, risk management and operational continuity meet the most demanding international standard.

Traceability & audit

Every access, recorded and time-stamped.

Every operation generates a session event with SHA-256 hash and RFC 3161 timestamp, verifiable by an accredited Certification Authority. The audit log is immutable and exportable for regulatory inspections.

  • File openings and downloads with IP, device, and timestamp
  • Permission changes and collaboration invitations
  • Electronic signature with RFC 3161 reference
  • Forensic PDF log export for external audits

File | User | Time | Action
Contract-Fernandez-2024.pdf | [email protected] | today, 09:14 | View
POA-Herrero-Lopez.pdf | [email protected] | today, 08:52 | Sign
Defense-Memo-Q1-2025.docx | [email protected] | yesterday, 17:38 | Share
KYC-Martinez-Holdings.zip | [email protected] | yesterday, 14:05 | Download
NDA-Tecnova-SL.pdf | [email protected] | Mon, 11:20 | Sign

Each event includes SHA-256 hash + RFC 3161 timestamp · Immutable and exportable log

Pentesting & certifications

Security verified by independent third parties.

Securoo's security isn't based on self-claims. We submit the platform to periodic external audits and maintain internationally recognised certifications.

ISO/IEC 27001

International certification for information security management. Validates processes, risk management, and operational continuity according to the most demanding industry standard.

Penetration Testing — Cyberglobal

Periodic tests performed by Cyberglobal, a CREST-aligned cybersecurity firm. They validate the platform's resilience under real-world attack scenarios.

Technical whitepaper

Detailed document on zero-knowledge architecture, encryption flow, RSA-4096 key management, and recovery mechanisms. Available on request.

Avoid fines up to €20M for non-compliance with GDPR Article 32. Securoo's end-to-end encryption minimises the impact of security breaches and insider threats, placing you above the required compliance threshold.
Want to review pentesting reports or the technical whitepaper? Our team sends them within 24 hours.

More specific technical questions?

Our technical team and DPO are available to answer in detail. You can also start protecting your firm today — no credit card required.