Trust & data

RÜM combines product and consulting. Technical and organizational measures depend on your deployment (cloud, hybrid, on-premise workshops). This page summarizes what we can disclose publicly; detailed assurances are part of contracts and security questionnaires.

Data handling

We apply least-privilege access for operational accounts, encrypted transport (HTTPS/TLS) for web properties, and documented change practices for production systems. Specific retention windows and subprocessors are listed in your Data Processing Agreement (DPA) when applicable.

Availability & continuity

Backups and recovery objectives are aligned with hosting providers and service tiers. Enterprise engagements define RTO/RPO and escalation paths in writing—not on this marketing page alone.

Compliance

Certifications (e.g. ISO 27001, SOC 2) are listed here only when formally obtained. Until then we provide architecture descriptions and policies under NDA for procurement and IT teams.