Security Overview
Last updated: 29 June 2026
This page explains, at a high level, how we keep batapp and your data secure.
The short version: Your data is hosted in the EU, encrypted in transit, kept on access-controlled infrastructure with encrypted backups, and reachable only through role-based access that we limit and log.
By using batapp you also agree to our Terms & Conditions and Privacy Policy.
Where batapp runs
- Hosting: Our production systems run on dedicated infrastructure at a Hetzner data centre in Nuremberg, Germany (EU).
- Edge & storage: We use Cloudflare for edge security and DDoS protection, and Cloudflare R2 (in the EU) for object and backup storage.
- Database: Our database platform is self-hosted by Albertec on our own infrastructure — it is not operated for us by a third party.
Encryption
- In transit: All traffic to and from batapp is encrypted with TLS (HTTPS). The mobile apps use the same encrypted connections.
- At rest: Backups are encrypted before storage, and uploaded files (such as asset photos) are encrypted at rest in object storage. The production database runs on dedicated, access-controlled infrastructure in the EU.
- Passwords: Stored hashed — a one-way scramble that is never reversible and never stored in plain text.
Backups
- Backups are automated and encrypted before storage.
- They're stored separately from the live application, so a problem with one doesn't take out the other.
- We test restores periodically.
Backup frequency depends on your plan — see Pricing and, for Enterprise, your SLA.
Service continuity
Because backups are encrypted and stored separately from the live system, we can recover from a failure of the primary infrastructure. If a disruption occurs, our aim is to restore service promptly and keep affected customers informed.
Defined recovery-time targets and tailored continuity commitments are available to Enterprise customers as part of an SLA.
Access control
- Role-based access (RBAC): Within your organisation, what a person can see and do depends on their role (Viewer, Scanner, Editor, Admin). Your admins control who has access, and least-privilege roles let you give people only the access they need.
- Multi-tenant separation: batapp is a multi-tenant service — organisations share the same underlying infrastructure, but each organisation's data is logically separated and isolated so that one organisation can never access another's data.
- Staff access: Access to production is limited to the staff who need it to run and support the service, and is logged and reviewed periodically. Helping you can require broad access to your organisation's data, so our support staff use a separate Support role that only Albertec can assign — your admins can't grant it. That access is given only when needed, kept temporary, and used solely for troubleshooting.
Authentication
- Users sign in with an email address and password, or with Google or Apple sign-in.
- Passwords are stored hashed (see Encryption).
- batapp does not currently offer SAML/SSO or directory federation. We can consider it for Enterprise customers on request.
Monitoring, vulnerabilities and application security
- We monitor the service for errors and suspicious activity.
- We track and remediate vulnerabilities in our systems and dependencies, and apply security updates on a regular basis.
- The application validates input and isolates each organisation's data.
How we build batapp
- Separate environments: Development and testing happen separately from the live production system.
- Tested before release: Changes are tested before they go live.
- Data used in testing: Development and testing normally use non-production or synthetic data. Where a copy of production data is needed to reproduce or fix a specific issue, it's used only in a controlled environment, limited to authorised staff, and destroyed once the work is done.
- Cryptography: We rely on standard, well-established cryptographic libraries — we don't write our own cryptography.
- Security in development: Security is considered as part of how we design and ship changes.
Data deletion
When you delete data or your account, it's removed from the live system and ages out of our backups in line with our backup cycle. Retention periods and how deletion works are set out in full in our Privacy Policy. Some records are kept longer where the law requires.
Mobile apps
- The apps request only the permissions they need — camera (for scanning and photos), storage, location (where your organisation requires it), and notifications. You control these in your device settings.
- We don't use background or continuous location tracking.
- Data stored on the device for offline use is held in the app's local storage, protected by your device's own security, and syncs to our servers over an encrypted connection when you reconnect.
See the Privacy Policy for the full breakdown of permissions and offline behaviour.
Responding to incidents
If something goes wrong, we investigate, contain it, and notify affected customers and the Information Regulator where POPIA (or the GDPR, where it applies) requires it — without undue delay.
To report a vulnerability, suspected compromise, or abuse, see our Security Contact page.
Enterprise assurance
Need more than this page covers? For Enterprise customers we can share deeper detail about our controls under NDA, as part of an Enterprise agreement.
Questions
- Security reports: see Security Contact
- Everything else: [email protected]
