BackOfficeSicurezza e conformità
Ospitato in Svizzera, conforme nLPD, crittografato end-to-end.
Data Protection
BackOffice is designed from the ground up to comply with the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (nDSG/revDSG). Data protection is not a bolt-on feature — it is embedded in the architecture, data handling processes, and user interface.
Encryption at Rest
All data is encrypted at rest using AES-256. Database volumes, file storage, and backups are fully encrypted.
Encryption in Transit
All communications use TLS 1.3. API calls, webhook payloads, and inter-service traffic are encrypted end-to-end.
Data Minimization
Collect only what is necessary. Personal data retention policies are configurable per data category.
Right to Erasure
Built-in tools for handling data deletion requests. Anonymize or delete personal data while preserving business records.
Regulatory compliance: BackOffice supports both GDPR (EU) and nDSG (Switzerland) requirements. Data processing agreements (DPAs) are available for all customers. The platform includes a consent management framework and data processing register.
Authentication
BackOffice supports multiple authentication methods to match your organization's security requirements, from simple email/password with OTP to enterprise single sign-on with your existing identity provider.
| Method | Security Level | Best For |
|---|---|---|
| Email + Password | Standard | Small teams, individual suppliers, quick setup |
| JWT + OTP (2FA) | High | Default recommendation. Time-based OTP via authenticator app |
| SSO / SAML 2.0 | Enterprise | Large organizations with existing identity providers (Okta, Auth0) |
| LDAP / Active Directory | Enterprise | On-premise environments with existing directory services |
| Azure AD / Entra ID | Enterprise | Microsoft-centric organizations using Microsoft 365 |
Additional security controls
- passwordPassword policies: — Minimum length, complexity requirements, and expiration intervals
- blockBrute-force protection: — Account lockout after configurable failed login attempts
- devicesSession management: — View active sessions, force logout from specific devices
- vpn_lockIP allowlisting: — Restrict BackOffice access to specific IP addresses or ranges
Audit Trail
Every action in BackOffice is recorded in an immutable audit trail. The audit log captures the user, action, affected entity, timestamp, IP address, and both the previous and new values for any data changes. This provides a complete forensic record for compliance, dispute resolution, and security investigations.
Immutable Records
Audit entries cannot be modified or deleted — not even by system administrators. Append-only by design.
Before/After Values
For every data change, the audit log stores both the old and new values, enabling precise change tracking.
Full-Text Search
Search across all audit entries by user, entity type, action, date range, or specific field values.
Compliance Export
Export audit logs in structured formats for external compliance tools, auditors, or regulatory authorities.
Row-level access control ensures that users can only view audit entries relevant to their permissions. A sales representative sees audit entries for their own clients, while an admin sees everything across the organization.
Infrastructure
BackOffice is hosted on infrastructure designed for reliability, performance, and data sovereignty. The default deployment runs on Swiss-hosted servers, ensuring that your data never leaves the country — a critical requirement for many Swiss businesses.
| Option | Provider | Location | Best For |
|---|---|---|---|
| Swiss Cloud (Default) | Infomaniak | Geneva & Zurich, Switzerland | Swiss data sovereignty, nDSG compliance, most customers |
| Global Cloud | AWS | EU (Frankfurt), US, APAC | International distributors, global presence, multi-region |
| On-Premise | Customer infrastructure | Customer's data center | Maximum control, air-gapped environments, regulated industries |
Backup & recovery: Automated daily backups with 30-day retention. Point-in-time recovery available within the retention window. Backups are encrypted and stored in a geographically separate facility within Switzerland.
Explore the 8Move Platform