This website requires JavaScript.
Take the Quality Survey and help us create the first-ever CX Benchmark Report 👉 Take the survey


Effective: 28th of January, 2019

Security is one of the biggest considerations in everything we do. If you have any questions after reading this, or encounter any issues, please let us know.


Klaus forces HTTPS for all services using TLS 1.2+ (SSL), including our public website and our app, to keep your data safely encrypted in transit. Your data is also encrypted at rest with LUKS.

Klaus has servers in secure and ISO27001 compliant datacenters in Germany. We run our services on Google Cloud & Google Firebase. We protect all of those from attacks and abuse:

  • We harden our servers with additional security measures, like making sure restrictive firewalls are configured and login is only allowed in a secure manner
  • Access to our servers is tightly controlled and we keep audit logs of all issued commands
  • We regularly patch and update the software we run & we do periodic scans to find out-of-date software

We use HSTS to ensure browsers interact with Klaus only over HTTPS. We use various other HTTP security headers to keep our network traffic as restricted as possible.

Team awareness

Klaus employs and develops security-aware people. We demand MFA from our employees for all external services where possible, use a password manager for both personal passwords and secret management.

Account and data security

In addition to the work we do at the infrastructure level, we provide Account Administrators with additional tools to limit their users’ access to Customer Data via role management. You can also configure Klaus to never store sensitive Customer Data – we provide the option to mask out any contact details (e-mail, phone number), the client’s name, and their bank credentials. That way nothing sensitive will rest on our side.

Deletion of Customer Data

Klaus provides the option for an account owner to delete Customer Data at any time via removing the Support Desk integration. Klaus then hard deletes all information from currently-running production systems (excluding account, team, and ticket internal IDs, embedded in URLs in web server access logs). Klaus services backups are destroyed within 14 days.*

We send you emails only from addresses and we have set up DMARC reject mode to make it hard for criminals to send phishing emails from our domain.


We are GDPR-compliant; find out more from our Privacy policy.

If you have additional questions regarding security, we are happy to answer them. Please write to us and we will respond as quickly as we can.