Safety & Privacy

Secure from the start

Protecting against external threats places tough demands on hardware and software. With our Spiegelapp cloud platform, we followed the principle of “Security by Design” from the planning and conceptual phase. Security has been a top priority since the very first development phase.

Data is very valuable 

All organisations that process personal data must be able to show that they comply with the GDPR standards. Data is very valuable to organisations, but privacy is even more important. The Spiegelapp secures (personal) data using Two-factor Authentication. Persons with the correct authorisations have access to anonymous HR and management data. All data is stored securely on a server in the Netherlands.


Handling personal data responsibly depends on adequate data security. Poor security can lead to data breaches, which can have serious consequences. 

In addition, since 25 May 2018, the same privacy legislation has been in force across the EU: the General Data Protection Regulation (GDPR). The Spiegelapp complies with all security criteria (ISO 27001 and NEN 7510:2017 certificates).

See our documentation for more information about our information security policy for one of our clients in the public sector.


Security factors

Data protection and security for your Spiegelapp platform solution.

Our objective is to secure your employee data and your organisation’s data. Our Spiegelapp platform (a cloud SaaS platform) and all add-ons were designed, planned and implemented from the ground up in accordance with the “security by design” principle. Redundant security mechanisms provide the highest possible security for your platform and data.

Certified data centres

We use standard hardware and software in certified data centres (in compliance with ISO/IEC 27001) to host and serve all the applications on our platform.

Hosted in the Netherlands

Our services are exclusively hosted in the Netherlands (Amsterdam). The data centres we use are comprehensively certified, are secured against DDoS attacks (NAWAS) and have multiply redundant connections. 

Redundant backups

All collected data is stored in separate, certified, multiple-redundant data centres. If the worst happens, we ensure you can access your data at all times. 

Encrypted data transfer

Data transferred between the browser and server is encrypted. We use mature, proven protocols (TLS 1.2).

Role-based access control

Our permissions management makes it possible to assign an unlimited number of roles with individual access authorisations. Available roles: Spiegelapp user, management and HR dashboard user and CMS user.

Our security promise

We are convinced that digitalisation, and particularly the use of cloud technology, is the key to enabling and implementing innovative solutions. We would all prefer if security and data protection were not needed. Nevertheless, they are a non-negotiable requirement that must be dealt with from the start and built into the design of IT systems.



This is why Spiegelapp permanently guarantees the highest security and data protection standards. If any aspect of the operation of our services or our security and data protection guarantee is unclear, please don’t hesitate to contact us by sending your questions to 
