SevirantaTrust Center
The moment the regulator comes knocking or the first lawsuits land, it's not your marketer who decides but your CISO, Risk Officer and Legal Counsel. This page shows at a glance why Seviranta is the safe, sovereign choice, no vague story, just facts your IT auditor can tick off.
What you can demonstrably find here
Governance and accountability
Clear definition of roles, responsibilities and decision lines.
Data sovereignty and hosting
Insight into where data is processed and under which legal regime.
Security and continuity
Architecture, monitoring and availability explained at a technical level.
Compliance substantiation
Documentation that aligns with how regulators and auditors test.
Your data is processed and stored in the EU
Your source-code scans and customer data are stored and processed inside the European Union (Frankfurt): Supabase on AWS eu-central-1 and our scan worker on Render Frankfurt. In normal processing your data does not leave the EU, under GDPR data processing agreements and EU Standard Contractual Clauses (SCCs). Set that against a US overlay that loads a script from US servers into your checkout on every page view.
0% third-party risk on your live site
An overlay widget loads an external script, often US-based, onto your site on every page view, right into your checkout. That's an extra processor and an extra security and privacy risk you carry yourself. Seviranta never touches your live site: we crawl externally and deliver the fix in your own code. Zero foreign scripts, zero third-party risk.
What your IT auditor can tick off
| Encryption in transit | TLS 1.2+ · TLS 1.3 (Vercel) |
| Encryption at rest | AES-256 (Supabase · Vercel · Stripe) |
| Infrastructure certification | ISO 27001 (Supabase · Vercel) · SOC 2 Type II (+ Render) |
| Payments | PCI DSS Level 1 (Stripe) |
| Data residency | EU · Frankfurt (Supabase/AWS eu-central-1 · Render) |
| Data processing agreement | DPA · SCC's, Supabase · Vercel · Render · Stripe |
Precisely put: Seviranta itself is not ISO 27001 certified, our infrastructure providers are, and that's how we word it. We claim no 100% and no 'military-grade encryption'; only what's verifiable per provider.
Subprocessors
The infrastructure Seviranta runs on, with role, region and certification, all under a GDPR data processing agreement.
| Provider | Role | Region | Certification |
|---|---|---|---|
| Supabase (AWS) | Database, authentication & storage | EU · Frankfurt | SOC 2 Type 2 · ISO 27001 |
| Vercel | Web hosting & CDN | Global CDN | SOC 2 Type 2 · ISO 27001:2022 |
| Render | Scan infrastructure | EU · Frankfurt | SOC 2 Type II |
| Stripe | Payments | EU / Global | PCI DSS Level 1 |
Transparent: Supabase, Vercel, Render and Stripe are US-incorporated but host/process in the EU under a GDPR data processing agreement and EU Standard Contractual Clauses (SCCs). We therefore claim no full 'data sovereignty', but EU data residency with a documented legal framework.
What we store, and what we don't
The free scan stores nothing: no URL, no result. Customer dossiers live in your own account. Our visitor analytics are cookieless, contain no personal data and respect Do Not Track, which is why this site needs no cookie banner.
GDPR by design
Privacy is the starting point, not the appendix. A data processing agreement (GDPR art. 28) is available to every customer; the current sub-processor list is available on request.
Payments through Stripe
All payments are handled by Stripe, a globally certified payment processor. We never see or store your card details, and you manage or cancel your subscription yourself through the secure Stripe portal.
Who is behind it
Seviranta is a trade name of 1Star BV (Chamber of Commerce 65195876, publicly verifiable), a Dutch company doing business in e-commerce since 2016 that built this service when it had to comply with the European Accessibility Act itself. Based in Zutphen, the Netherlands.
Report a vulnerability
Found a security issue? Email us, we respond quickly and report back on the fix. Responsible disclosure is appreciated. info@seviranta.com
Documents and statements
- Privacy , how we handle data, in plain language
- Data processing agreement , the GDPR art. 28 agreement for business customers
- Accessibility , our own accessibility statement, with real measurements
- Terms , the full terms, without small-print tricks
Questions about security or privacy? You'll email a human and get an answer within one business day, in your language: info@seviranta.com
Last reviewed: June 2026