DNA //evolutions

Security & Trust

We build optimization software for enterprises. That means security, privacy, and operational reliability are not add-ons; they are part of how we work.

DNA Evolutions is a German company and therefore bound to German and EU law (including GDPR).

Data protection and privacy

  • No data selling. We do not sell customer data or use customer data for advertising.
  • Purpose limitation. We process data only for the purposes agreed with the customer (e.g., providing the service or support).
  • Data minimization. We encourage customers to send only what is needed for optimization (e.g., pseudonymized IDs instead of personal names).
  • Retention control. Data retention and deletion policies are defined per customer engagement (project/service-specific).

If your use case includes personal data (PII), we recommend using pseudonymous identifiers and managing identity mapping on your side.


Compliance and contractual safeguards

  • GDPR-aligned processing. For SaaS usage, we can provide contractual terms suitable for GDPR contexts (e.g., data processing arrangements).
  • Confidentiality. Customer information and results are treated as confidential; NDA frameworks are available where required.
  • IP protection. Your business data, your models, and your results remain yours.

(If you have specific compliance requirements, we align the project setup accordingly.)


Security controls (typical measures)

We apply common industry security practices such as:

  • Access control. Role-based access to systems and environments; least privilege where applicable.
  • Transport security. Encrypted communication for service endpoints (TLS).
  • Secret handling. Credentials and tokens are managed via secure mechanisms (not hard-coded in repositories).
  • Logging and traceability. Operational logs and run traces can be used for troubleshooting while respecting customer policies.

Deployment and hosting options

Depending on your requirements, JOpt can be operated in different models:

  • Self-hosted (on-prem or your cloud tenant): you keep full control over data and network boundaries.
  • Managed hosting: deployments can be operated in common EU-friendly hosting environments where required.

If you have data residency requirements (e.g., EU-only), we design the deployment accordingly.


Reliability and operations

  • Repeatability. Snapshots make results reproducible and auditable (important for acceptance and compliance workflows).
  • Supportability. Clear interfaces (SDK and REST/OpenAPI) enable stable integrations and controlled upgrades.
  • Resilience planning. Backups, monitoring, and incident-handling procedures are typically defined per customer deployment model.

Your security requirements

Enterprise security is never one size fits all. If you have requirements like:

  • EU-only processing / data residency
  • private networking / VPN / IP allow lists
  • custom retention and deletion rules
  • formal security questionnaires
  • security testing expectations (e.g., pen-test coordination)

…we can align the architecture and project delivery to match.


Contact

For security, compliance, or deployment discussions: