Security & data
Your content, your server
GawendaCMS runs on your own infrastructure. Your content and data sit where you decide — not in a foreign cloud. You operate the system yourself under a perpetual licence; the software code stays with the studio (governed by the licence agreement).
Data protection built in
Hidden photo metadata is automatically removed on upload, transfers are encrypted, and the permissions finely control who sees what. That's a solid basis for GDPR-compliant operation. For maintenance access involving personal data we conclude a DPA under Art. 28 GDPR.
Less attack surface
A large share of hacked websites run via outdated add-on modules. Because GawendaCMS manages without such a plugin collection, there are far fewer gateways — clean, lean code is by nature harder to attack.
Why this gives you peace of mind
You know where your content sits, who has access and that the attack surface is small. Data sovereignty here is no marketing word but a consequence of everything running on your side.
Sign-in doubly secured
Every sign-in is additionally protected by a two-factor code: alongside the password, a 6-digit code arrives by email and expires after ten minutes. Tenant separation is checked regularly in security reviews — most recently in July 2026 with no findings — and security-relevant updates are applied continuously.