Primary site
Nuremberg
Hetzner Online GmbH · ISO-27001 certified
This is where the application, the database, and the backups live. 15 minutes from the train station — we've seen the building.
Privacy
Your data. In Germany. Encrypted.
Aldor handles sensitive data — client names, addresses, Pflegegrade, notes. We treat it the way we'd want our own data treated. Here's what that means in plain terms, and what you can rely on.
Four promises
What you can rely on.
-
01
Encrypted at rest
Client names, addresses, phone numbers, Pflegegrade and notes are encrypted before being written to disk. Anyone holding a database backup would only see unreadable strings.
-
02
Hosting in Germany
Aldor runs in two Hetzner Online GmbH data centres — Nuremberg and Falkenstein. No US cloud. Data does not leave the EU. Backups stay in Germany too.
-
03
Complete history
Every change to a client, visit, invoice or employee record is logged — who, when, with which prior value. At your annual recognition audit you don't have to assemble anything.
-
04
Your data is yours
Export your data as CSV or PDF whenever you like — including after cancellation. 30 days after contract end, the data is deleted. No lock-in.
Where Aldor runs
Two German data centres. That's it.
We host Aldor in Nuremberg and Falkenstein, with Hetzner. Both centres are ISO-27001 certified. If one site goes down, the other takes over — your data lives in two places, both in Germany.
Mirror site
Falkenstein
Hetzner Online GmbH · ISO-27001 certified
A second copy lives here. If Nuremberg goes down, Falkenstein takes over. Either way — everything in Germany.
Backup
Encrypted, in Germany
Daily backups, encrypted, in a separate space. Data does not leave the EU, even in an emergency.
Outside world
Nobody else
Aldor doesn't ship data to advertising or analytics services. What comes to us, stays with us.
What we don't see
We can't just casually read plaintext either.
Aldor encrypts sensitive columns before they hit disk. That's not marketing — we ourselves can't simply pull a client name out of the database.
-
Client names and addresses
Stored encrypted. A database backup contains no readable names.
-
Phone numbers and Pflegegrade
Stored encrypted. Sensitive health data has its own key, separate from general master data.
-
Observations and notes
Stored encrypted. What your employee writes about a client's living situation is visible only to you.
Who else works with the data
Three providers, all named.
Aldor runs on our own servers. Three external services support us in specific places — all in the EU, all named. No more third parties are involved.
| Provider | For what |
|---|---|
| Hetzner Online GmbH Germany | Application hosting, database, backups. |
| Google Cloud (Gemini · Maps Routing) Google Ireland Ltd. | AI suggestions in Aldor (Lotte) and optimal tour routing. EU region only. Client names are masked before being passed along; addresses and routing requests carry no client identifiers. Data may not be used to train models. |
| finAPI GmbH Germany | PSD2 bank reconciliation for self-payer remainders (optional, Pro tier). |
List confirmed before every onboarding. Changes announced 30 days in advance by email, with right of objection. Data-processing agreements under Art. 28 GDPR are in place with every provider and included with your Aldor contract.
Contracts and laws
Where the law says "must," Aldor says "yes."
GDPR
Processing under Art. 6(1)(b) and (f), data-processing under Art. 28. Full technical and organisational measures as a contract annex.
BDSG (German Federal Data Protection Act)
Records of processing maintained, DPIA prepared per module, external DPO from 20 employees onward.
SGB XI / AO
10-year retention for billing- and tax-relevant data. § 45a SGB XI provider recognition with documentation duties — all reportable on demand.
ISO 27001
Hetzner data centres ISO-27001 certified. Aldor itself isn't certified (too small), but built to the same standard.
Still have a question?
Talk to a founder directly.
Privacy isn't a checkbox to us. If you have a specific concern or want to read the data-processing agreement before signing, write to us. You'll be talking to a founder, not to sales.