We use our own platform to manage Reglyze's NIS2 compliance posture. The data on this page is generated live from our own account — same scoring, same policies, same controls our customers use. No marketing fluff, just our actual numbers.
Last updated: 7 April 2026 at 17:18 • Refreshed hourly from api.reglyze.com/api/public/trust/reglyze
Name: Reglyze
Country: FR
Sector: digital_providers
Headcount: 5
NIS2 Status
Each control is scored on implementation (0-3) and documentation (0-3). Maturity is the two scores combined.
DPAs signed with all critical vendors. Annual review cadence documented.
Hetzner ISO 27001, Cloudflare ISO 27001/SOC 2, Stripe PCI-DSS Level 1, GitHub SOC 2. Documented.
TLS 1.3 everywhere, container isolation, defense-in-depth. Documented in Information Security Policy.
Vulnerability Management Policy documented. Dependabot weekly. Public security.txt.
Quarterly self-review schedule documented. Compliance score tracked over time.
Cyber hygiene baseline documented for current team.
MFA, password manager, encrypted devices, no local admin accounts. Documented.
Cryptography Policy documented. TLS 1.3, bcrypt, encryption at rest.
HR Security and Access Control policies documented.
HR Security Policy documented.
App-level RBAC. SSH key-only. Access Control Policy documented.
Asset Management Policy documented. Inventory via Hetzner/Cloudflare consoles.
MFA on all critical systems. SSH keys only. Documented in Access Control Policy.
Risk-aware engineering practices documented in Information Security Policy.
Formal Incident Response Plan documented and approved.
Business Continuity Plan documented covering backup, DR, and crisis management.
Hetzner managed daily DB backups, 7-day retention. Documented in Backup/DR plan. Restore tested.
DR procedure documented in Backup/DR plan. First restore drill executed.
Crisis comms plan documented in BCP. Founder + emergency contacts defined.
5 critical suppliers documented with criticality and data shared. Supply Chain Security Policy in place.
Founder baseline training documented. Will scale on first hire.
The third parties we depend on. NIS2 Article 21(2)(d) requires organizations to manage supply chain risk.
Hetzner Online GmbH
Cloud infrastructure / hosting
Data shared: All application data, customer accounts, encrypted backups
Cloudflare
CDN, DNS, WAF, TLS termination
Data shared: All HTTP/S traffic metadata, no plaintext payloads
Anthropic
AI/LLM (Claude API for document generation)
Data shared: Customer organization context for document generation prompts
Stripe
Payment processing and billing
Data shared: Customer billing details, subscription metadata
GitHub
Source code hosting and CI/CD
Data shared: Source code, deployment secrets via Actions
All generated by Reglyze itself, tailored to our environment.
Reglyze Cryptography Policy
Updated 7 Apr 2026
Reglyze Vulnerability Management Policy
Updated 7 Apr 2026
Reglyze Access Control Policy
Updated 7 Apr 2026
Reglyze HR Security Policy
Updated 7 Apr 2026
Reglyze Business Continuity Plan
Updated 7 Apr 2026
Reglyze Asset Management Policy
Updated 7 Apr 2026
Reglyze Backup and Disaster Recovery Plan
Updated 7 Apr 2026
Reglyze Incident Response Plan
Updated 7 Apr 2026
Reglyze Supply Chain Security Policy
Updated 7 Apr 2026
Reglyze Information Security Policy
Updated 7 Apr 2026
Most compliance vendors talk about security but never show their own posture. We think that's backwards. If our platform is good enough for our customers, it's good enough for us.
Every score, control, supplier, and policy on this page comes from the same Reglyze platform we sell. There's no separate trust portal, no manually-curated security PDF. It's the live data, refreshed hourly via our own public API.
You can verify it yourself: api.reglyze.com/api/public/trust/reglyze