MakerToo← Back to site
Trust Center

Security

Self-hosted, EU infrastructure, no vendor lock-in — the specifics, so your review doesn't need a call to get through it.

Last updated 10 July 2026

Overview

MakerToo runs its own infrastructure end to end rather than routing customer data through a stack of third-party SaaS vendors. That means fewer parties touch your data, and it means we can be specific about how each layer works instead of pointing at someone else's compliance page. This page documents the setup plainly. If something you need for a procurement review isn't here, email us — see Contact.

Infrastructure & data residency

All primary infrastructure is hosted in the EU. No IP addresses are published here — ask if your reviewer needs them under NDA.

ComponentProviderCountry
Application & primary databaseContaboGermany
Mail infrastructureContabo / HostingerGermany / France
DNS & edge networkCloudflareGlobal edge, EU points of presence

Enterprise and dedicated deployments run on an isolated instance and database per client — not a shared multi-tenant box — for organizations whose procurement policy requires it. Ask about dedicated hosting.

Tenant isolation

Every organization's data is scoped by tenant at the application layer, enforced centrally rather than trusted per route. That's backstopped by two independent checks we run against the live system, not just at design time:

  • Database-level tenant isolation policiesas a backstop beneath the application layer — even a bug in application-level filtering can't leak another tenant's rows.
  • An automated capability auditthat walks every API route in the codebase and confirms it's gated to the caller's own organization before it ships.
  • A live isolation probethat authenticates as one tenant and attempts to read another tenant's real data over HTTP — any leak fails the check outright.

Backups & disaster recovery

Backups run nightly and ship off-box to a separate server, so a single machine failure can't take out both the database and its backups. Retention is spread across three tiers: 12 daily, 8 weekly, and 6 monthly snapshots.

We don't just trust that backups work — we test them. On a quarterly cadence, we restore a real production backup into a disposable scratch environment and time it. Our most recent drill restored a full production database (99 tables) in 23.2 seconds, with a clean, complete result. Live application and backup status: hub.makertoo.com/status.

Authentication & access control

Sessions use signed, httpOnly cookies; passwords are hashed and never stored in plain text. Two-factor authentication (authenticator-app TOTP) and passkeys (WebAuthn) are available on every account, and an organization owner can require two-factor for their whole team.

Role-based access control (owner / admin / member / viewer) governs who can read, write, or change settings — read-only "viewer" access is enforced centrally, not left to individual screens to get right. Authentication and other public-facing endpoints sit behind durable, persistent rate limiting that survives restarts and deploys, not an in-memory counter that resets on every release.

Monitoring & incident response

Errors and exceptions are captured by an error-tracking instance we host ourselves — we don't forward stack traces or request data to a third-party error-monitoring SaaS. Alerts route to our own on-call channel in real time.

AI & data processing

AI features (drafting, research, meeting transcription) are opt-in per organization. You can supply your own API key for any supported provider, or point the platform at a fully local model you host yourself — cloud AI is never a hard requirement to use the product. When cloud AI is enabled without a customer-supplied key, requests are processed by the provider your organization chose — see Subprocessors.

We do not use paid third-party data-enrichment vendors — no people-data resellers, no contact-unlock services. Email-pattern discovery is first-party and pattern-based, not purchased.

Procurement checklist

The common questions, answered directly, with a link to the evidence.

QuestionAnswerEvidence
Where is our data hosted?EU only — Germany and FranceInfrastructure
Is data isolated per tenant?Yes — app-layer scoping, a DB-level backstop, and a live automated probeTenant isolation
Are backups actually tested?Yes — quarterly restore drills, timed, into a disposable environmentBackups & disaster recovery
Is 2FA available and enforceable?Yes — TOTP and passkeys, org owners can require it org-wideAuthentication
Do you use paid data-enrichment vendors?NoAI & data processing
Who processes our data?Listed by name, with purpose and locationSubprocessors
Is there a Data Processing Agreement?YesDPA
Is there a live system status page?Yes — public, no login requiredhub.makertoo.com/status

Subprocessors

Who we share data with, and why — depending on which modules your organization actually enables. Several rows below never see your data unless you turn the related feature on.

SubprocessorPurposeLocationWhen
Contabo GmbHInfrastructure hostingGermanyAlways
HostingerInfrastructure hosting (mail)France / LithuaniaAlways
CloudflareDNS & edge networkGlobal, EU points of presenceAlways
Google WorkspaceCompany emailEU/USAlways
WisePayment processingUK/EUOnly if invoicing/payments are used
TelegramInternal operational alerting (our own ops team, not client-facing)Internal use only
DeepSeekLLM inference (drafting, research)Outside the EUOnly if cloud AI is enabled and no customer key/local model is supplied
GroqMeeting transcriptionUnited StatesOnly if meeting transcription is enabled
ApifyOptional lead-sourcingCzech Republic (EU)Only if the sourcing module is enabled and used

Invoice Ninja (invoicing) runs on infrastructure we operate ourselves — it is not a third-party processor. We'll notify customers of material changes to this list.

Contact

Questions about this page, or need something in writing for your security review? Email [email protected] — we typically respond the same business day.