Welcome to the AdmiralCloud Trust Center
Executive Summary: AdmiralCloud is a SOC2 certified Digital Asset Management Platform with the highest security and privacy standards. Primary data storage is in Germany for maximum data sovereignty; the platform is GDPR compliant, with 24/7 monitoring and over 99.5% availability.
Here you will find all information about privacy, security and compliance of the AdmiralCloud Digital Asset Management Platform.
With AdmiralCloud DAM, all digital media and documents are securely located in one central place and are simultaneously available everywhere they are needed.
The AdmiralCloud Digital Asset Management Platform meets the highest international security and privacy standards.
Compliance & Certifications AdmiralCloud DAM
Public Documents
Contract Documents
These documents are part of our customer contracts and regulate the legal framework of our cooperation.
Protected Documents
The following documents can be requested through our helpdesk where there is a justified interest.
Trust through Compliance and Security
Compliance
Proven Controls
What does SOC2 mean for you?
Our SOC2 certification confirms the implementation of strict control mechanisms in areas such as security, availability, confidentiality and privacy.
High-Security Data Centers & Data Sovereignty
Where is your data safe?
AdmiralCloud exclusively uses data centers with the highest security standards: AWS Frankfurt and Hetzner in Germany for primary data storage, additional AWS regions as backup according to DORA. This infrastructure provides physical protection, redundancy for critical systems and maximum data security.
24/7 Monitoring
How do we monitor your security?
Our comprehensive 24/7 monitoring system continuously monitors the performance and availability of all system components. Automatic alerts, performance analyses and proactive problem detection contribute to our high system availability, which reaches nearly 100% in practice.
Separated Environments
How do we protect production data?
AdmiralCloud operates strictly separated development, testing and production environments. This separation protects customer data from unintended changes and ensures the integrity of your production environment.
OWASP Principles
Which security standards do we implement?
AdmiralCloud follows the recommendations of the Open Web Application Security Project (OWASP). This non-profit organization sets worldwide standards for application security. Our development processes and security audits consider the OWASP Top Ten, a recognized guide for identifying and avoiding critical security risks in web applications.
Disaster Recovery Plan
What happens in an emergency?
Our detailed Disaster Recovery Plan secures your data even in exceptional situations. We conduct regular backup restoration tests and ensure rapid recovery in case of emergency through redundant systems.
High Operational Stability
How reliable is AdmiralCloud?
AdmiralCloud guarantees a standard system availability of 99.5%. For Enterprise customers we offer individual SLAs with higher availability commitments. Our redundant AWS infrastructure and proactive monitoring ensure that we achieve nearly uninterrupted availability in practice and reliably process tens of millions of media and API requests daily.
Comprehensive Risk Management
How do we manage security risks?
Our holistic risk management continuously identifies, evaluates and addresses potential risks to our digital infrastructure. Regular risk assessments and security tests keep us up to date with the threat landscape.
Opt-In AI Features
How do we use AI responsibly?
All AI functions in AdmiralCloud are transparently designed and based on a strict opt-in principle. Customers retain full control over which AI services are activated and how their data is processed.
AI Risk Assessment
How do we ensure safe AI?
Every AI system at AdmiralCloud undergoes regular reviews and risk assessments. This ensures that all deployed AI functions are operated responsibly and in compliance with European regulations.
Human AI Oversight
Who oversees our AI systems?
AdmiralCloud implements comprehensive review procedures for AI-generated results. Through continuous human monitoring and structured review processes we ensure the quality and reliability of all AI functions.
Multi-Level Authentication
How secure is access?
AdmiralCloud supports modern authentication methods like SSO and MFA, compatible with SAML/ADFS, OAuth2 and Azure AD. Our role-based access concept enables precise control of user permissions.
Strict Vendor Controls
How do we select partners?
We work with carefully selected service providers. For critical infrastructure partners we require at least ISO 27001 certification, while all other suppliers undergo a strict risk assessment process. Our SOC2-compliant vendor management ensures that third-party providers also maintain our high security standards.
ESG Reporting
How sustainably do we operate?
AdmiralCloud publishes regular ESG reports (Environmental, Social, Governance) that transparently document our progress and goals in the areas of environmental protection, social responsibility and ethical corporate governance. Our commitment to sustainability and social responsibility is an integral part of our corporate strategy.
UN Global Compact
Which ethical standards do we follow?
As a supporter of the UN Global Compact principles, AdmiralCloud is committed to the ten universal principles in the areas of human rights, labor standards, environmental protection and anti-corruption. These values are deeply embedded in our corporate culture and guide our business practices.
Diversity & Family
How do we promote employee diversity?
AdmiralCloud is a member of the "Success Factor Family" program. We actively promote an inclusive working environment and offer flexible work models that support work-life balance. These initiatives reflect our commitment to the personal and professional development of our employees.
Whistleblowing Platform
How do you report compliance violations?
With our anonymous whistleblowing platform Trusty (admiralcloud.trusty.report) we provide a secure channel to report concerns or possible violations. This platform complies with the requirements of the EU Whistleblower Directive and underscores our commitment to transparency, ethical behavior and an open corporate culture.
Privacy & Data Processing
Privacy by Design
How is privacy built in?
AdmiralCloud was developed from the ground up with a "Security and Privacy by Design" approach. Our platform enables compliant processing of personal data with clear roles, responsibilities and transparent processing purposes according to GDPR requirements.
Primary Storage in Germany
Where is your data stored?
AdmiralCloud places the highest value on European data sovereignty. Primary data processing and storage takes place in our German data centers (AWS Frankfurt and Hetzner). To meet the strict requirements for operational resilience according to DORA, we additionally use high-security backup capacities in other EU data centers from AWS.
Data Processing Agreement
What legal guarantees do you receive?
We offer comprehensive DPAs according to Art. 28 GDPR that clearly define your rights and our obligations. These agreements ensure transparency about technical and organizational measures to protect your data.
End-to-End Encryption
How is your data encrypted?
All data is encrypted both in transit (TLS) and at rest (AES-256) using state-of-the-art methods. This applies to media data, databases and search indices to ensure maximum security.
Cookie Policy
Which cookies does AdmiralCloud use?
AdmiralCloud exclusively uses technically necessary session cookies. These are required for the login process and have limited validity. We refrain from using marketing or tracking cookies and therefore do not require consent banners or permissions according to GDPR. Our platform is designed to work seamlessly with cookie blockers and strict browser privacy settings.
Data Minimization & Purpose Limitation
What data do we collect?
AdmiralCloud exclusively collects data that is necessary for the respective processing purpose. Every data collection is linked to a clearly defined and documented purpose. We follow a strict "need-to-know" approach in designing our systems and processes to minimize both the amount of data and access to it.
Transparent Retention Periods
How long is data stored?
All data at AdmiralCloud is subject to clearly defined retention periods: Security-relevant logs are retained for 3-5 years, anonymized usage statistics for 3 years and billing data according to legal retention requirements. We implement automated deletion routines and regularly review the necessity of stored data.
Anonymization & Pseudonymization
How do we protect personal data?
AdmiralCloud implements advanced methods to protect personal data: IP addresses are completely anonymized or shortened depending on the purpose of use, user statistics are aggregated and separated from identifying features. Complete IP addresses are kept for a maximum of 12 months for security purposes and then irreversibly anonymized.
User-Explainable Data Processing
What happens to your data?
At AdmiralCloud we make data processing transparent and comprehensible: When uploading an asset, metadata such as filename and type, optional descriptions and technical information are processed. For statistical purposes, usage data is stored in anonymized form. Personal data such as IP addresses are used for a limited time and exclusively for security and statistical purposes.
Data Subject Rights
What rights do you have?
AdmiralCloud supports data subject rights according to GDPR: Information requests are processed promptly and data can be exported in machine-readable format. Deletion of user content and master data is possible on request, with technical limitations for backups and security-relevant logs. This balanced solution protects data subject rights and simultaneously fulfills legal retention obligations.
Frequently Asked Questions about Security & Compliance
Quick Answers:
- Is AdmiralCloud GDPR compliant? Yes, fully GDPR compliant with DPA and German data storage.
- Where is data stored? Primarily in Germany (AWS Frankfurt, Hetzner), EU backups (geographic redundancy).
- Is my data sovereignty guaranteed? Data sovereignty guaranteed through German and European data centers.
- How secure is my media data? AES-256 encryption, 24/7 monitoring, granular access control.
How does AdmiralCloud ensure the security of our confidential media data?
AdmiralCloud employs multi-layered security concepts: encrypted storage with AES-256, TLS-encrypted data transmission, granular access controls and regular security audits. Our SOC2 certification confirms compliance with the highest security standards for protecting confidential media data.
How does AdmiralCloud guarantee EU data sovereignty?
AdmiralCloud guarantees complete EU data sovereignty through primary data storage in German data centers (AWS Frankfurt, Hetzner Germany). Your data is subject exclusively to EU law and German jurisdiction, without transmission to third countries or access by foreign authorities. For DORA-compliant backup strategies we use additional EU data centers from AWS, ensuring your data never leaves the European Union. This architecture ensures maximum legal control over your digital assets and meets the strictest European data protection and sovereignty requirements.
Can we integrate AdmiralCloud into our existing IT security infrastructure?
Yes, AdmiralCloud was designed for seamless integration. We support enterprise authentication systems (SAML/ADFS, OAuth2, Azure AD), provide comprehensive APIs with security controls and can be connected to existing security monitoring tools. Our experts support you with secure integration into your environment.
How is emergency preparedness organized at AdmiralCloud?
Our comprehensive Business Continuity Management includes automated backups, redundant systems, regular recovery tests and a detailed Disaster Recovery Plan. In case of an incident, our Incident Response Team immediately activates established processes to minimize impact and restore normal operation as quickly as possible.
How does AdmiralCloud prepare for future security requirements?
We follow a proactive approach with continuous monitoring of new threats and regulatory developments. Our team regularly participates in security training, we conduct penetration tests and continuously update our security measures. Through early preparation for regulations such as DORA and the EU AI Act, we are always prepared for future requirements.