Why Teamsware does not have access to customer environments and does not need it!
Teamsware is designed so that all data processing takes place entirely within the customer's Microsoft 365 environment, depending on customer specifications. The platform does not require direct access to customer data and meets the highest standards in terms of data protection and security.
🔐 Core Principles
- 🗂️ Data Sovereignty: All data remains in the customer’s Microsoft 365 tenant. Teamsware does not store any content outside the customer’s environment.
- 🚫 No Teamsware User Account: Teamsware is not given its own account in the customer’s system. There are no technical backdoors or generic access rights.
- 🔑 Certificate-Based Access: Access is provided exclusively through a customer-approved Azure AD app using a client certificate. Without explicit admin consent, no access is possible (Teamsware never uses user passwords).
⚙️ Technical and Organizational Measures (TOMs)
- 📉 Principle of Least Privilege: Only the permissions strictly required for each function are requested. Advanced modules (e.g., guest invitations) are disabled by default and must be enabled separately with approval.
- 🧩 Tenant Isolation: Each customer operates in a logically segregated environment. Teamsware’s permissions apply only to specific areas within the tenant, not globally.
- 📝 Audit Logs: All actions performed by the Teamsware app are recorded in Microsoft 365 audit logs. This ensures that all operations are traceable and auditable.
- 📄 No Sensitive Content Processing: Teamsware does not read or store any documents or confidential content from the customer environment. Personal data (e.g., names, email addresses) is used only minimally and for user login/registration purposes.
- 📜 GDPR Compliance: Teamsware acts as a data processor in accordance with Art. 28 GDPR. The customer remains the controller; Teamsware has extensive technical and organizational measures in place to comply with GDPR and local data protection laws.
☁️ Operating on Microsoft Azure
- 📍 Hosting in Germany/EU: Teamsware’s components run on Microsoft Azure data centers in Germany and Western Europe (e.g., Frankfurt, Berlin, Netherlands). All data stays within European jurisdictions, ensuring GDPR compliance.
- 🏅 Azure Security Certifications: Microsoft Azure adheres to industry-leading standards (including ISO/IEC 27001 for information security and ISO/IEC 27018 for cloud privacy). Azure holds the German BSI C5 attestation and aligns with the IT-Grundschutz framework. Regular audits guarantee continuous compliance (details available via Microsoft Trust Center).
- 🔐 Encryption & Network Segmentation: Azure encrypts all data – both at rest and in transit. Strict network segmentation ensures each customer’s environment is completely isolated. 24/7 security monitoring swiftly detects any unauthorized access or anomalies. Even Microsoft administrators have no direct access to customer data without special authorization.
- 🛡️ Physical Security & Redundancy: Azure data centers are protected by multi-layered access controls (badge, biometrics) and continuous video surveillance. The infrastructure is highly redundant (typically 99.9% uptime) and includes robust disaster recovery plans. Regular backups and geo-redundant storage ensure customer data remains secure and can be restored even in extreme scenarios.
📋 Summary for Data Protection Officers
The Teamsware platform meets all requirements for GDPR-compliant cloud usage:
- ✅ No storage of customer data outside the customer’s environment
- ✅ Transparent, granular permission management
- ✅ Technical access control only via Azure AD (no fixed accounts)
- ✅ Full traceability of all actions through audit logs
- ✅ Compliance with GDPR, BDSG, and Microsoft cloud security standards
This architecture ensures that Teamsware has no independent access to customer data. Full control over data and access remains entirely with the customer.