Current measures
- Data minimization by default.
- Explicit permission for sensitive app features such as location-aware reminders.
- Controlled appointment intake and deduplication.
- Auditability for appointment intake, changes and AI-assisted workflows.
- No raw mailbox or full SMS inbox storage by default.
Azure database direction
Dont4get is preparing to move its database layer to Microsoft Azure. Production workloads should prefer European Azure regions where technically and commercially reasonable. Microsoft Azure compliance documentation and Service Trust Portal reports will be used as part of supplier assurance.
Datacenter assurance
Azure provides third-party audit reports and compliance documentation for cloud controls, including ISO 27001 and SOC reports. SOC 1 reporting is based on attestation standards such as SSAE and ISAE 3402. Dont4get will reference Microsoft documentation when evaluating datacenter and platform controls.
Certification roadmap
Dont4get will work toward ISO/IEC 27001, ISO/IEC 42001 and NEN 7510 certification by 1 January 2027 and already works largely according to these standards. Until certificates are formally issued, this is a roadmap statement and not current proof of certification.
Security contact
Security questions can be sent to security@dont4get.io.