Security and Trust
Who develops here, who is liable, where your data lives
Before you award us a project, you want to know who you are dealing with. This page is not for marketing. It answers the questions that data protection officers, compliance teams and IT leads typically ask. If something is missing, just ask.
Who develops
All projects are developed personally by Michael Schiller. No subcontractor, no offshore team, nobody working on the code whose contract you have not seen.
One point of contact
Concept, development, maintenance and support are in one hand. You always know who is responsible for a question.
Stack
Ruby on Rails 8, PostgreSQL, Stimulus, Hotwire. Established, well-documented technologies. No exotic frameworks that nobody will understand in five years.
Code ownership
After acceptance, the source code belongs to you. No vendor lock-in, no licensing trap. If you ever want to continue with someone else, we hand over the code along with the documentation.
Where your data lives
Depending on the project, you decide where your application runs. We do not insist on hosting ourselves.
On-premise at the customer
Your server, your sovereignty. The application runs entirely in your infrastructure. We only get the access we need for maintenance, and only when you grant it.
Hosting by us in the EU
If desired, we host your application at German or European providers. GDPR-compliant, no third-country transfer, no US cloud middleware.
Backups
Encrypted, geo-redundant within the EU. Retention periods and deletion rules are defined in the project contract, not buried in a terms-of-service clause.
Insurance and liability
Proper professional liability insurance is not marketing; it is a basic requirement. In the event of a claim, there is a real policy behind us, not a letter of regret.
- Insurer: Markel Insurance SE, Munich. Specialist insurer for the IT and telecommunications industry.
- Product: Pro IT, professional indemnity and business liability insurance with open coverage for IT service providers.
- Coverage for financial loss: EUR 500,000 per claim, capped at threefold per insurance year (i.e. up to EUR 1.5 million per year).
- Coverage for personal injury and property damage: EUR 5,000,000 per claim.
- Cyber and data own-damage insurance: Additional EUR 100,000 for our own expenses in IT security incidents.
A current insurance confirmation is provided before project start or on request.
When AI is involved
Not every project uses AI. When it does, strict rules apply, which we explain in detail on a dedicated page, including data flow, providers, pseudonymisation and source references.
Principle
European providers take precedence. Pseudonymisation runs before any data leaves the server. Clear-text mapping stays exclusively with you.
Contracts and documents
On request we provide the following documents, before or alongside the project contract.
Data processing agreement (DPA)
Standard form under Article 28 GDPR. We provide the draft, you review, both sign.
Technical and organisational measures (TOM)
Documentation of security measures under Article 32 GDPR.
Insurance confirmation
Current policy and confirmation of coverage from Markel Insurance SE.
Record of processing activities (ROPA)
Text module for your internal documentation, once scope and data flows are defined.
What you will not find on this page
So it is clear what these statements cover and what they do not.
No TISAX. We are not set up for automotive supply chains.
No processing of special-category data under Article 9 GDPR without an explicit project-specific addendum (health data, biometric data, religious belief).
Questions?
If anything in this overview is missing or unclear, write to us directly. An honest reply comes faster than three rounds of email.
Last updated: April 2026