Security made in Germany

d.velop post, d.velop postbox, d.velop documents light and d.velop dialogue trust in highest security standards.

For the secure, digital delivery and revision-proof archiving of documents in d.velop post, d.velop postbox, d.velop documents light and d.velop dialogue, trust and security are the main focus of the common platform. This means that you can rely on German data protection and the rights of the documents and data you manage, remain with you.
This gives you as a company the advantage of being compliant at all times.

Highest possible security and flexibility

The platform meets the highest security standards and ensures maximum flexibility, which you as a user can always rely on:

  • The data center is located in Germany / EU jurisdiction: The servers are operated exclusively in Germany by the German CANCOM Group and are therefore subject to the strict German data protection laws
  • Independent certification of the data center by ISO
  • The headquarters of the d.velop group is located in Germany, therefore German data protection applies
  • Integration capability of the solution via API, virtual printer and cloud based admin console
  • Individual contract solutions and service level agreements possible

The CANCOM Group’s data center

The infrastructure of the common platform is located in a German data center and is operated by a German company, CANCOM Managed Services GmbH, a subsidiary of the German CANCOM Group.

  • The server locations are operated exclusively on German territory.
  • German data protection applies.
  • The data center has ISO 27001 certification.
  • Certification Trustee Cloud
  • High security firewall systems
  • The data is stored redundantly to prevent data loss.

International Standard for Assurance Engagements (ISAE) 3402 Type II

The data center has passed the International Standard on Assurance Engagements (ISAE) 3402 Type II audit. From the customer’s perspective, the present ISAE 3402 certificate is a valuable addition. Particularly for the annual audit, outsourcing customers require proof of the effectiveness of their IT service provider’s internal control system, which must behave as if it were part of the outsourcing company.

C5 test catalog of the BSI

One of the most demanding test standards for information security and compliance is the C5 Catalogue (C5 stands for Cloud Computing Compliance Controls Catalogue) of the German Federal Office for Information Security (BSI). These C5 requirements have been specially designed by BSI experts for cloud providers and cover all areas that touch on information security issues: From the secure handling of data carriers to security checks of employees assigned to critical tasks and the encryption of network connections.

Excerpt of certificates and prices of the common platform
and the data center of the CANCOM Group.

The Platform

The technologies of d.velop post, d.velop postbox, d.velop dialogue and d.velop documents light are operated on a common platform.

For this platform as well, the highest security precautions are valid in order to protect your data.

Access is only possible via encrypted connections (SSL)

The report shows with the result A+ that we always meet the highest safety standards. Among other things, this enables us to offer a login via German identity card.

Software certification according to IDW PS880

The certificate confirms that, if used correctly, documents can be stored online in an audit-proof manner. The report can be retrieved online: IDW PS 880 Report

Symmetric encryption with AES-256-bit

Each document is stored in encrypted form – according to the current industry standard with AES-256-bit. Each document can be transmitted encrypted.

Asymmetric (double) encryption

If desired, each document can also be encrypted with an additional personal key (public/private key procedure with a combination of AES-256-bit and RSA-4096-bit). This encryption is above the current industry standard. Documents secured in this way cannot be temporarily decrypted by the system – therefore these documents are not previewed and do not appear in search results. This encryption is used for the delivery of sensitive documents (e.g. pay slips).

Hybrid Encryption

Hybrid encryption is a combination of asymmetrical encryption and symmetrical encryption. A random symmetric key is generated, which is called session key. This session key is used to symmetrically encrypt the data to be protected. The session key is then asymmetrically encrypted with the public key of the recipient. This procedure solves the key distribution problem while maintaining the speed advantage of symmetric encryption.

Legal opinion on the issuing of pay slips and the legally binding delivery of electronic documents via d.velop post (formerly “foxdox”). ISO/IEC 27001 certification of the CANCOM data center. If required, we can provide you with the documents. Please contact us at!