Elido
Trust Center

Trust, written down.

Elido is built with EU hosting by default, GDPR compliance, and audit trails built in. What follows is not a plan; it is what we already do.

SOC 2 Type II
ISO 27001
GDPR
HIPAA対応 (Business)
EU-residency
Workspace region · pin once
irreversible at create
  • Frankfurt · FRA · eu-central-1
    EU residency · default

    Default for every workspace. Audit log, clicks, backups stay in-region. No DPF or Schrems II reliance.

  • Ashburn · IAD · us-east-1
    Opt-in

    Workspace creation only. Irreversible. For US-resident customers who want a US data path.

  • Singapore · SIN · ap-southeast-1
    Business+ · opt-in

    Workspace creation only. Irreversible. APAC residency for Business and Enterprise plans.

No cross-region replication for hot data (audit · clicks · backups)

5 · Sub-processors, public list
90d · Pro audit retention (7y on Business)
30d · DSAR SLA (5d expedited on Business)
0 · Cross-region transfers for hot data

What “trust” means in product terms

What we mean by trust

Each pillar maps to something concrete you can grep for in the audit log, the DPA, or our public infra repo. No marketing ambiguity.

EU residency by default

Postgres, ClickHouse, Redis, MinIO: all located in Frankfurt. Business plans can pin to Ashburn or Singapore. Free and Pro never leave the EU.

An audit trail for everything

Workspace settings, role changes, key rotations, link creation, deletion, export. Every event records who, when, and what, and every event is exportable.

AI is read-only by default

AI integrations receive scoped, rotatable keys. Write/delete access is an explicit, audited setting, not the default.

BYOK and customer-managed keys

On Business you can use your own KMS for encryption at rest. Keys can be rotated without re-encrypting cold storage.

Anti-abuse pipeline

Every link passes through a composite scanner (URLhaus + Google Safe Browsing + heuristics) at creation and on rolling rescans.

Sub-processor transparency

The list, locations, and purposes are all public. We notify on additions and offer an opt-out route for some.

Append-only audit log

Every state change is recorded.

Append-only is enforced at the database layer: the audit table grants only INSERT and SELECT to application roles, with no UPDATE or DELETE. Even our own admins can’t rewrite history without a migration that shows up in change control. Retention is 90 days on Pro and 7 years on Business — covering SOX, MiFID II, and HIPAA without an add-on.

  • Actor identity
    User ID or service principal, plus source IP and request ID
  • Before/after diff
    Structured JSON diff of the changed row — not just a text log line
  • SIEM firehose
    HMAC-signed webhook to Splunk / Datadog / ELK in real time
  • Tamper-evident
    Postgres GRANT enforcement; no UPDATE / DELETE for app roles
Security overview →
Audit entry · evt_8c41a7
domain.claim · ws_8a2f
Actor
admin@elido.app
Timestamp (UTC)
2026-05-08T11:42:18Z
Source IP
203.0.113.42 · DE
Source
dashboard · req_a4f9c1
  {
    "domain": "go.acme.eu",
-   "status": "pending_dns",
+   "status": "verified",
-   "tls_mode": "none",
+   "tls_mode": "on_demand",
+   "verified_at": "2026-05-08T11:42:18Z",
    "workspace_id": "ws_8a2f"
  }
Event type
domain.claim
Diff lines
+3 / -2
Retention
7 years (Business)
Append-only · enforced by Postgres GRANT · Streamed to SIEM
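The GRANT model described above, as an added illustration (not Elido's own migration): the audit table is owned by a separate role, the application role receives INSERT and SELECT only, and a privilege check confirms it. Role names, column layout and the sample row are assumptions; the sample row reuses the entry shown above.

```sql
-- Assumed roles: audit_owner holds the table, app_rw is what the application connects as.
CREATE ROLE audit_owner NOLOGIN;
CREATE ROLE app_rw LOGIN PASSWORD 'placeholder-change-me';

-- Assumed layout: one row per state change, before/after diff kept as structured JSON.
CREATE TABLE audit_log (
    id           bigserial   PRIMARY KEY,
    event_id     text        NOT NULL UNIQUE,   -- e.g. evt_8c41a7
    event_type   text        NOT NULL,          -- e.g. domain.claim
    workspace_id text        NOT NULL,
    actor        text        NOT NULL,          -- user id or service principal
    source_ip    inet,
    request_id   text,
    occurred_at  timestamptz NOT NULL DEFAULT now(),
    diff         jsonb       NOT NULL
);
ALTER TABLE audit_log OWNER TO audit_owner;

-- Weak setting (do not use): a role that owns the table or holds ALL on it can
-- rewrite history through any application bug or leaked credential.
-- GRANT ALL ON audit_log TO app_rw;

-- Append-only grant: INSERT and SELECT, nothing else. USAGE on the sequence is
-- needed so the bigserial default can fire on insert.
REVOKE ALL ON audit_log FROM PUBLIC;
GRANT INSERT, SELECT ON audit_log TO app_rw;
GRANT USAGE ON SEQUENCE audit_log_id_seq TO app_rw;

-- Check: both columns must come back false for the application role.
SELECT has_table_privilege('app_rw', 'audit_log', 'UPDATE') AS can_update,
       has_table_privilege('app_rw', 'audit_log', 'DELETE') AS can_delete;

-- Demonstration (run by a superuser or a member of app_rw): the insert
-- succeeds, the update fails with "permission denied for table audit_log".
SET ROLE app_rw;
INSERT INTO audit_log (event_id, event_type, workspace_id, actor, source_ip, request_id, diff)
VALUES ('evt_8c41a7', 'domain.claim', 'ws_8a2f', 'admin@elido.app',
        '203.0.113.42', 'req_a4f9c1',
        '{"status": ["pending_dns", "verified"],
          "tls_mode": ["none", "on_demand"],
          "verified_at": [null, "2026-05-08T11:42:18Z"]}');
UPDATE audit_log SET actor = 'someone-else' WHERE event_id = 'evt_8c41a7';  -- ERROR
RESET ROLE;
```

GRANTs do not bind Postgres superusers, which is why the page ties any rewrite to a migration that passes through change control rather than to table privileges alone.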

Data subject access requests

Subject rights via API.

You receive a subject request from your end user. You forward it via the dashboard or API as a controller-on-behalf-of-subject request — Elido authenticates the controller (you), not the subject. The bundle is a signed zip: identity record, links, audit-log entries where the subject is the actor, billing receipts if the subject is a workspace owner. Standard SLA is 30 days; Business expedited returns inside 5 business days.

  1. Step 1

    Subject request

    End user → controller (you)

    Subject contacts you. You authenticate them in your own product, not in Elido.

  2. Step 2

    DSAR API call

    POST /v1/dsar

    Forward as a controller-on-behalf request with subject email + request type (export / erase).

  3. Step 3

    Workspace bundle

    signed zip · JSON + CSV

    Identity, links, audit-log entries where subject is actor, billing if owner, anonymised click metadata.

  4. Step 4

    SLA

    30 days · 5 days expedited

    Standard SLA on every plan; Business expedited tier returns inside 5 business days.

Five sub-processors, listed publicly

Five vendors. Listed publicly.

The full list with vendor location, processing purpose, data categories, and DPA reference URL lives at /legal/subprocessors and is checked into the public docs repo, so changes appear in git history. Adding or replacing a sub-processor triggers a 30-day notice to every workspace admin via in-app banner and email before processing begins, so customers can object. monobank Plata replaced LiqPay under ADR-0026 in 2026-05.

Sub-processor fan-out · workspace data flow
5 vendors · public list
Your workspace
ws_xxxx
eu-central-1 (default)
  • Hetzner · ISO 27001
    Compute · primary infra
    EU · Frankfurt + Helsinki
  • OVH · ISO 27001 · SOC 2
    Compute · Business region pins
    EU + APAC POPs
  • Postmark · SOC 2 Type II
    Transactional email
    EU (opt-out for EU-only)
  • monobank Plata · PCI DSS L1
    Payments · replaced LiqPay (ADR-0026)
    EU
  • Cloudflare · ISO 27001 · SOC 2
    Marketing proxy + WAF (not redirect path)
    Global
Adding a vendor triggers a 30-day customer notice · /legal/subprocessors

Compliance posture

Where we stand on the frameworks customers ask about.

No future-tense claims. Each row says what is shipped today, what’s in observation, and what’s available as an add-on under contract.

Achieved

ISO 27001

Information security management system, certified scope covers the full Elido platform.

In progress

SOC 2 Type II

Observation period running through H2 2026. Type I report available under NDA today.

Default

GDPR

EU residency by default, pre-signed DPA with standard SCCs, public sub-processor list.

Available

HIPAA-ready

BAA on Business+ with encryption, audit logging, and access controls already wired.

Default

EU residency

Postgres, ClickHouse, Redis, MinIO — all in Frankfurt. No reliance on Schrems II / DPF.

Default

Encryption

AES-256 at rest, TLS 1.3 in transit, KMS-backed key rotation. BYOK on Business.

Compliance FAQ

The questions procurement keeps emailing us.

Do you sign a DPA?

Yes. Our standard DPA is pre-signed with EU SCCs and downloadable from /legal/dpa. No negotiation needed for default terms — paid plans get it counter-signed automatically. Custom redlines are available on Business and Enterprise.

How many sub-processors do you use?

Five: Hetzner (compute, EU), OVH (compute, EU + APAC for region pins), Postmark (transactional email, EU), monobank Plata (payments, EU — replaced LiqPay under ADR-0026), and Cloudflare (marketing proxy + WAF; never on the redirect path). The full list with location, purpose, and DPA reference is at /legal/subprocessors.

Is region pinning available on every plan?

EU residency is the default for every workspace, on every plan, and never changes. Opt-in pinning to us-east-1 (Ashburn) or ap-southeast-1 (Singapore) is workspace-only, irreversible at create time, and gated to Business and Enterprise plans.

What's the DSAR turnaround?

30 days standard SLA on every plan. Business and Enterprise get a 5-business-day expedited tier. DSARs are filed via API or dashboard (POST /v1/dsar) — you authenticate the subject, we authenticate you as the controller, and the bundle ships as a signed zip with identity, links, audit-log entries, and billing records.

How do BAAs work for HIPAA?

BAA on Business+ only. The technical safeguards (encryption, audit logging, access control, secure backup) are the same as the default tier — the BAA is paperwork, not feature-gating. Email compliance@elido.app to start.

Is there a self-host option?

Yes. The redirect tier and click-ingester are open source under Apache 2.0 with a Helm chart for Kubernetes. Customers run the redirect tier in their own VPC and point the dashboard at our control plane, or run the entire stack on-prem. The repo is the same code we run.

How do you notify customers about sub-processor changes?

Adding or replacing a sub-processor triggers a 30-day notice via in-app banner and email to every workspace admin. Customers can object before processing begins. The list at /legal/subprocessors is checked into a public git repo so changes appear in version-control history.

Where do you publish incidents and uptime?

Live status, recent incidents, and full post-mortems at /status. Incidents that affect security are also posted to security@elido.app subscribers and to the Trust Center page within the SLA window defined in the DPA.

Contact

Have a security question?

Vulnerability reports go to security@elido.app (PGP available). For SOC 2 / ISO / DPA matters, contact compliance@elido.app. We respond within one business day.

Security

Vulnerability reports, security.txt, PGP key. We respond within one working day.

security@elido.app

Compliance

SOC 2 / ISO requests, DPA counter-signing, sub-processor notices, BAA process for HIPAA.

compliance@elido.app

Sales

Enterprise procurement, security questionnaires, and custom-terms requests.

sales@elido.app

Ready when procurement is.

Pre-signed DPA, public sub-processor list, audit log on every plan. Start free or talk to sales for the security questionnaire shortcut.

Trust Center · Elido