We are committed to providing secure environment for validating data submitted to our platform. As part of this commitment, we use a variety of industry-standard security technologies and procedures to protect your information from unauthorized access, use, or disclosure.

Our API and web services are hosted on the highly secure Google Cloud infrastructure located in Frankfurt, Germany. By leveraging Google Cloud's industry-leading data center security, our services benefit from state-of-the-art hardware and network protection. Google Cloud’s data centers are equipped with multiple layers of security, including physical access controls, advanced threat detection, and encryption protocols, ensuring that all data and operations are safeguarded against unauthorized access. This robust security framework allows us to focus on delivering reliable and secure services, with the confidence that our underlying infrastructure is managed by one of the most trusted cloud providers in the world.

• Physical Security: Google Cloud data centers have multi-layered physical security controls, including biometric scanners, security guards, and 24/7 surveillance. Access to these facilities is highly restricted and only granted to authorized personnel.


• Redundant Power and Cooling: Data centers are equipped with multiple power sources, backup generators, and advanced cooling systems to ensure continuous operation and minimize the risk of outages.


• Fire Detection and Suppression: Early warning systems for smoke and heat are deployed throughout the data centers, along with advanced fire suppression systems to protect hardware and data from fire damage.


• Environmental Controls: Constant monitoring of environmental factors such as temperature and humidity ensures that conditions are optimal for data center operations, reducing the risk of hardware failures.

For futhrer reference, you may review Google's security information at:

Google Security Compliance Offerings

• Encryption: Data is encrypted both in transit and at rest, ensuring that information is protected during transmission and storage.


• Firewalls and DDoS Protection: Google Cloud’s network is fortified with advanced firewalls and Distributed Denial of Service (DDoS) protection, preventing unauthorized access and mitigating attacks.


• Intrusion Detection Systems (IDS): Continuous monitoring of network traffic using IDS helps detect and respond to any suspicious activity or potential security breaches in real time.


• Access Controls: Strict access controls, including multi-factor authentication (MFA) and least privilege principles, are implemented to ensure that only authorized users can access the network and services.


• Security Patching and Updates: Regular security updates and patching are automatically applied to the network infrastructure, ensuring that vulnerabilities are promptly addressed.

Internal Audits
Our engineering team performs monthly internal vulnerability scans of our production environment. This is to ensure that all systems are not only patched against known vulnerabilities, but are following the industry best practices in security.

Web Application Firewall
Our servers are configured to monitor for malicious behavior and intrusion attempts and automatically block and notify us about such attempts.

Data Privacy
Access to account data by our employees is limited to a necessary set of users consistent with their assigned responsibilities. We believe in the concepts of ‘need to know’ and ‘least privileged’.
In addition to this, you are ultimately in control of what data is stored on our platform. We provide you the ability to disable data logging of the data sent to our service. This can be done from your Client Area -> Account -> Settings -> Security and Privacy section.

Data Encryption
All data in transit is sent through https (TLS) encrypted connections. This ensures the confidentiality and integrity of the data sent between www.iban.com and the customer.

Data Removal
We provide a quick and easy way to request all data from our servers to be deleted for your account. By submitting a data deletion request, we will erase all information for your account from our servers such as ( account history, billing data, contact details, user identification and other.) This option is also used for one-off deletions of specific data.

API Security

* Our API uses HTTPS/TLS to protect all data transmitted between our clients and our platform.
* Each request to our API must be done with a valid API key identifying a valid and existing client.
* We have implemented IP access list which provides our clients with the option to restrict access to their API key to only certain IP addresses.

Sub-User Restrictions

Our clients can add sub-user accounts for their employees and colleagues to use the system. Those sub-users may not access sensitive information such as account history, privacy settings. This way the sub-user is only limited to using the service without having access to your account information.
Below you can find our security and privacy related documentation:

EN ISO/IEC 27001:2022
ISO 9001:2015
Data Processing Agreement (GDPR compliant)
Service Level Agreement (SLA)