GDPR & Data Processing

by Sansec

Published in Guides

How Sansec processes data

Sansec software runs on-premise, directly on customer servers. The customer remains the data controller for any personal data on those systems. For the core scanning and protection features, no personal data ever leaves the customer's infrastructure.

eComscan

eComscan is a malware and vulnerability scanner. It only inspects technical assets:

  • Source code files (PHP, JavaScript, HTML, templates)
  • System configuration (cron jobs, web server config, file integrity)
  • Database structure (schema, admin accounts, integration settings)

eComscan does not read order data, customer profiles, payment information, or any other personal records. All scanning runs locally on the customer's own server.

If eComscan is configured to use the reporting or dashboard feature, a summary of scan results is uploaded to the customer dashboard. Scan results never contain personal data.

Sansec Shield

Sansec Shield inspects incoming web requests in real time to block attacks. To evaluate a request, it processes:

  • HTTP headers
  • Request arguments

This processing happens entirely on the customer's server.

If a customer enables the Shield dashboard, an anonymized summary of blocked requests is sent to Sansec so the customer can review them. Before transmission, sensitive fields are stripped from the request:

  • Cookies
  • Authorization headers
  • Passwords

The remaining data (matching rule, HTTP request) is stored only for the customer's own review and never longer than 7 days. After that window, the data is permanently deleted.

Hosting and location

All Sansec servers are hosted with Hetzner Online GmbH in Germany. Any dashboard data stays within the EU at all times.

Sub-processors

| Sub-processor | Purpose | Location |
|---|---|---|
| Hetzner Online GmbH | Hosting of Shield dashboard data | Germany (EU) |

Data Processing Agreement (DPA)

For customers who need a signed DPA under GDPR Article 28, Sansec provides a standard template. Email info@sansec.io to request a copy.

Contact

For questions about data processing, sub-processor changes, or to exercise data subject rights, contact info@sansec.io.
