Maximum data protection and data security.

Paperless is made and hosted in Germany. Our top priority is to protect the data of European businesses.

Security lock above a blue sign. Underneath are documents and forms.

Fully GDPR-compliant

Servers & Hosting

All Paperless servers are located in Germany

Hosted in Germany: Paperless is one of the few providers hosted exclusively on German servers.

Server location: Our servers are located in Nuremberg and Falkenstein in Vogtland, Germany within the European Union. This guarantees that our customers’ and users’ data will never leave the EU.

Data center security: The technical facilities are ISO/IEC 27001 certified. The ISO/IEC 27001 is an internationally recognized standard for evaluating the security of information and IT environments.

Deutschlandkarte mit verschiedenen Server Standorten. ISO 270001 zertifiziert.
Paperless documents and formals are GDPR-compliant. Subcontractors are exclusively from Europe

Solely European subcontractors

EU-privacy laws: Data never leaving the EU is crucial for “Schrems II”-compliant data-processing and -protection. Paperless therefore only uses subcontractors, e.g. for the server infrastructure, which are based in the EU and over which no control can be exercised from outside the EU.

Request list of subcontractors ->

Legally binding eSignatures

Electronic signatures are legally recognized in most countries (including the US and the European Union). In the EU, they are provided for in eIDAS Regulation No. 910/2014 and implemented via county-specific local laws. E.g. in Germany the so-called Trust Services Act (Vertrauensdienstegesetz - VDG) aims to facilitate the use of electronic trust services.

Digital signature field with eIDAS and GDPR compliance
Icon Zertifikat

Paperless Audit Trail: Legally compliant and sealed

All Paperless documents come with a detailed, complete, and traceable description of all operations that are carried out during the document’s lifecycle (e.g. dispatch, data submission, signing, completion, sealing). It contains the date and time of the operation, the type of operation, all data captured with the operation, and identification of the person who performed the operation.

Paperless Dokumente und Formulare sind durch eine Audit Trail geschützt.
Icon Verteilen und Weiterleitung


The audit trail includes a digital certificate that provides non-repudiation for all documents generated and signed using Paperless.

Icon Bestätigung Integrität


A cryptographic seal included in the audit trail prevents any type of alteration of the completed document by encoding a file-specific hash. Paperless verifies the integrity of a given document by comparing the document’s hash with the one stored securely on Paperless’ servers.

Icon Schild mit Sicherheitsschloss


The Paperless audit trail additionally includes a visual certificate of the document’s origin and means of verification of the authenticity of a given document.

Jetzt 14 Tage kostenlos testen.

Kostenlos testen ->

How document recipients & signees use Paperless

Icon Fingerabdruck Identifizierung


Paperless offers multiple authentication options for signers including a secure link via email or direct integration into existing secure applications.

Icon Daten gestaffelt


Everything that is sent to Paperless’ servers is documented unalterable and systematic. All metadata like User-Agents, IP addresses and timestamps down to the millisecond are logged.

Icon Daten Verifizierung

Data Validation

All data entered by recipients and signees is checked both on the client-side and on the server-side for completeness, integrity and correctness.

Icon Ordner Verschlüsselung

SSL encryption

All data and personal information sent to or from Paperless is encrypted in transit using an industry-standard 256-bit encryption with a 2.048 bit RSA key.

Paperless security when logging in thanks to various security mechanisms

Enterprise ready

Identity Management: Automatic user (de-)provisioning via SCIM and user authentication via Single Sign-On (OAuth / OpenID Connect / AD FS) for excellent security compliance.

Access Management: With Role-Based Access Control (RBAC) you can rest assured that only the authorized people within your organization and approved integrations can access your information in Paperless.

Password Policies: Precise rules on the strength of password provide a high level of protection against unauthorized access.

SLA: Service level agreements regarding availability: Paperless is extremely committed to a high availability of the platform and assures this through a service level agreement.


How we build Paperless

Access Control: All system access is limited to a minimal group of people based on the least-privilege principle, with multiple layers of secured authentication required for all critical systems.

Physical Security: Around-the-clock onsite security with strict physical access control such as badge access and manned public entrances that complies with industry standards.

Training: All Paperless employees are trained regularly in security and data protection topics like data handling and storage, GDPR compliance or social engineering attack vectors.

Code Review: We enforce formal code reviews for all application code to minimize chances of bugs with possible security implications.

Illustration in which a crane builds a paperless document or form like a construction kit.
The paperless platform is being tested for optimization

Monitoring and constant improving

Logging: All access to Paperless is logged and stored for six months after which it is automatically deleted. Document submission activities are stored indefinitely and included in the audit trail.

Testing: Thousands of automated software tests are run continuously to detect bugs and minimize the risk of software regressions.

Monitoring: Active monitoring of all hardware, network, platform applications, and tooling ensures the high availability and performance of Paperless. With extensive error reporting and tracing any occurring problem will be reported automatically to our tech team. Automated 24/7 alerting guarantees that in the event of a problem, we will start to work on a mitigation immediately.

Pentesting: Testing and validation of Paperless Security by a third-party penetration tester to further protect the platform from attacks and security breaches is planned for Q1/24.

Ready to go Paperless?

We'll help you turn your paper-based processes into easy digital experiences.