How we protect your data.
Teravor Monitor is a solo-operated SaaS. We are not SOC 2 certified and have not been independently audited — we say so plainly. What we can tell you is exactly what we run, where it lives, and how it is secured.
Data location
All data is stored on a single Hetzner CX33 server in Falkenstein, Germany (EU). No data is transferred to or stored outside the EU.
Encryption in transit
TLS 1.3 everywhere. Caddy terminates HTTPS automatically and renews certificates via ACME. All database connections use TLS. Internal service traffic stays on a private Docker network.
Encryption at rest
Hetzner server storage is encrypted at the host level. Sensitive config values (API keys, webhook secrets) are stored encrypted in the database.
Authentication
Passwords are hashed with bcrypt via Better Auth. Session tokens are issued as HttpOnly, Secure, SameSite=Strict cookies. API keys use SHA-256 hashed storage.
Access control
Single-operator deployment. Production access is SSH key-only — no password logins, no shared access. There is no team with access to your data.
Vulnerability disclosure
Found a vulnerability? Email [email protected]. We aim to acknowledge within 48 hours and will keep you updated on remediation progress. We appreciate responsible disclosure.
Responsible disclosure
If you discover a security vulnerability in Teravor Monitor, please report it privately before publishing. Email [email protected] with a description and reproduction steps. We aim to acknowledge every report within 48 hours and will work with you on a disclosure timeline. We appreciate researchers who give us the chance to fix issues before they are made public.