Security & Compliance
Enterprise-grade security with ISO 27001:2022 certification, GDPR compliance, and German data residency. Your data protection is our top priority.
ISO 27001:2022
Certified
GDPR
Compliant
Made in Germany
EU Data Residency
AES-256-GCM
Encryption
Security Features
Comprehensive security measures at every level of our infrastructure
ISO 27001:2022
Certified information security management system with comprehensive policies and controls.
GDPR Compliance
Full compliance with EU General Data Protection Regulation including DPA support.
German Infrastructure
All data processed in Hetzner's ISO 27001-certified data centers in Germany.
Encryption
TLS 1.2+ in transit, AES-256-GCM at rest. Your data is encrypted at every step.
How We Handle Your Data
Transparency is key. Here's exactly what happens to your data.
We Do
- Process your text in memory only
- Encrypt all data in transit (TLS 1.2+)
- Encrypt sensitive data at rest (AES-256-GCM)
- Maintain audit logs for compliance
- Process data only in Germany (EU)
✕We Don't
- ✕Store your original text content
- ✕Train AI models on your data
- ✕Share data with third parties
- ✕Transfer data outside the EU
- ✕Keep logs of processed content
Frequently Asked Questions
Does anonymize.today store my text after processing?
No. Text submitted to anonymize.today is processed in memory on the server and results are returned immediately. No user content is stored on the servers after processing. Authenticated users can optionally enable encrypted operation history (AES-256-GCM), which stores metadata about past operations but not the original text content.
Where are anonymize.today servers located?
All anonymize.today servers are located in Hetzner's ISO 27001:2022 certified data centers in Nuremberg, Germany. Data is processed and stored exclusively within the European Union. No data transfers occur outside the EU/EEA.
Does anonymize.today train AI models on my data?
No. anonymize.today uses deterministic regex-based pattern matching powered by Microsoft Presidio — not AI or machine learning models. No user data is used for training, fine-tuning, or improving any models. The platform does not collect, aggregate, or analyze user content for any purpose beyond the requested PII detection and anonymization.
What encryption does anonymize.today use?
anonymize.today uses TLS 1.3 for all data in transit with HSTS enabled. The Encrypt anonymization operator uses AES-256-GCM for reversible encryption. The desktop app uses Argon2id key derivation with BIP39 24-word recovery phrases and AES-256-GCM encrypted local vault storage. Sensitive data at rest (encryption keys, API tokens, 2FA secrets) is encrypted with AES-256-GCM.
Is a Data Processing Agreement (DPA) available?
Yes, a GDPR-compliant Data Processing Agreement (DPA) is available for all paid plans on anonymize.today. The DPA covers data processing terms, security measures, sub-processor lists, and data subject rights. Request a DPA through the contact form at anonymize.today/contact or by selecting 'Privacy Inquiries' in the contact options.
Need More Details?
Explore our comprehensive security documentation or contact us for specific compliance requirements.