Security without compromise

Built with privacy and security as a foundation, not as an afterthought

100% EU
GDPR Compliant
E2E Encrypted

Data Encryption

End-to-end encrypted private chats

AES-256 for all stored data

EU Hosting

Servers in the Netherlands and Germany

Your data never leaves Europe

Access Control

2FA for all accounts

Granular permission management

Data Encryption

Your messages are secure, from sender to recipient

In Transit

TLS 1.3 for all connections

At Rest

AES-256 encryption for stored data

Private Chats

End-to-end encrypted (Signal protocol)

Key Management

Keys are never stored in plaintext

We cannot read your private messages - and we don't want to. Private conversations are encrypted from sender to recipient.

Infrastructure

100% European servers, no US cloud providers

Datacenters

The Netherlands (Dutch hosting provider)

Uptime SLA

99.5% guaranteed

Backups

Daily, encrypted, 30-day retention

DDoS Protection

Enterprise-grade protection

No American cloud providers - No AWS US, no Azure US. No CLOUD Act risks, no hassle with data transfers.

Authentication & Access

Multiple layers of protection for your account

2FA

TOTP (Google Authenticator) or SMS

SSO

SAML 2.0, Google Workspace, Microsoft Entra

Sessions

Automatic timeout, device management

Passwords

Minimum 12 characters, bcrypt hashing

Additional security measures

  • Brute force protection with rate limiting
  • Suspicious login detection
  • Manage active sessions from your account
  • Login notifications via email

Compliance

GDPR not as a checkbox, but as a design principle

Data Processing Agreement

Directly available for business customers

Right to be Forgotten

Complete data deletion upon request

Data Portability

Export all your data in standard formats

Transparency

Full insight into processed data

Operational Security

How we handle security internally

  • Employees: Background checked and screened
  • Access to customer data: Only with explicit permission for support
  • Logging: Comprehensive audit logs of all access
  • Monitoring: 24/7 security monitoring
  • Incident Response: Documented procedure, notification within 72 hours

Vulnerability Management

Continuously improving our security

Security Audits

Regular external audits

Penetration Testing

Annual pentests by third parties

Update Policy

Critical patches within 24 hours

Responsible Disclosure

security@mss.gs

Frequently asked questions about security

Can you read my messages?

No. Private chats are end-to-end encrypted. Even we cannot read these messages. Channel messages are stored encrypted, but not E2E - this is needed for features like search.

Where exactly is my data stored?

In the Netherlands, with a Dutch hosting provider. We do not use American cloud providers like AWS or Azure.

What happens in case of a data breach?

We have an incident response procedure. In case of a data breach, affected customers and the Data Protection Authority are notified within 72 hours, in accordance with GDPR.

Do you have a data processing agreement?

Yes, a standard data processing agreement is available for all business customers. Contact us at privacy@mss.gs for a copy.

Do you perform penetration tests?

Yes, we have annual external penetration tests performed by certified security companies. Additionally, we conduct continuous internal security reviews.

How do I report a security issue?

Through our responsible disclosure: security@mss.gs. We take all reports seriously and respond within 48 hours.

Want to know more about our security?

Contact our security team for specific questions.