Security

Bytesafe is available as managed SaaS on AWS in the EU, in your own cloud account, on-premise in your data center, or through a certified partner. You choose where it runs.

Deployment options

Most teams use managed SaaS. For stricter data residency or compliance requirements, on-premise and partner-managed deployments are available.

Managed SaaS

  • Hosted by: Bytesafe (AWS, EU)
  • Data location: EU (Frankfurt)
  • Operated by: Bytesafe

Ready to use. No infrastructure to provision or maintain.

BYO Cloud

  • Hosted by: Your cloud account
  • Data location: Your chosen region
  • Operated by: You

Full control over cloud account and region.

On-Premise

  • Hosted by: Your data center
  • Data location: Your data center
  • Operated by: You

Runs inside your network. No data leaves your environment.

Partner (MSP)

  • Hosted by: Partner-operated
  • Data location: Partner-defined
  • Operated by: Certified MSP partner

Managed deployment and operations by a certified service partner.

Data and encryption

SaaS infrastructure runs on AWS eu-central-1 (Frankfurt). Data does not leave the EU.

  • All data in transit encrypted with TLS
  • All data at rest encrypted (AWS-managed encryption / KMS)
  • Encryption keys managed in AWS KMS with IAM-restricted access
  • Data backed up regularly, backups encrypted
  • Data does not leave the EU
  • GDPR Data Processing Agreement available
  • Subprocessor list published

Access and authentication

Access is identity-based. SSO and MFA are the perimeter.

  • SSO via your existing identity provider, all plans
  • MFA required for all production and administrative access
  • Role-based access, least-privilege principle
  • Access rights reviewed periodically and revoked within 48 hours of offboarding
  • Threat detection and edge controls in place for all production infrastructure
  • Network segmentation and environment separation between development and production

Application security

Security is part of every code review and release gate, not a final checklist.

  • Security review at design stage for all new features
  • Code review for all significant changes
  • Static analysis and dependency scanning in CI
  • We run Bytesafe Dependency Firewall on our own development pipeline

Vulnerability management

Findings are triaged by severity. Fixes are tracked against internal SLA targets.

  • Findings triaged by exploitability and exposure in the application context
  • Compensating controls applied where upstream fixes are not yet available
  • Audit logging across all production infrastructure

Responsible disclosure

If you believe you have found a security vulnerability in Bytesafe, please notify us. We will work with you to resolve the issue before public disclosure.

Email: security@bytesafe.dev

  • Make a good faith effort to avoid violating privacy, destroying data, or disrupting the service
  • Only interact with accounts you own or have explicit permission to test

Incident response

Report security issues to security@bytesafe.dev. Customer-impacting incidents are communicated via the public status page.

  • Service availability monitored by a third party
  • Personal data breaches notified within 72 hours (GDPR)
  • Custom SLA available for Enterprise customers

Who we are

Bytesafe is built and operated by Bitfront AB, incorporated in Sweden. We have been working on dependency security tooling since 2018.

Security is part of how we operate and develop our products: restricted access, secure development practices, vulnerability handling, and operational monitoring.

For organizations with strict compliance requirements, both on-premise and partner-managed deployments remove Bytesafe from the data path entirely.

Common questions

Where is data stored in the managed SaaS deployment?
In AWS eu-central-1 (Frankfurt). We do not transfer personal data outside the EU.

Can we run Bytesafe in our own environment?
Yes. On-premise deployment is available. No Bytesafe sub-processors are involved in the data plane for on-premise deployments. Contact us to discuss requirements.

Who has access to our data in the SaaS deployment?
Bytesafe operations staff, under GDPR-compliant data processing terms. Production access requires SSO and MFA. A full Data Processing Agreement is available and can be countersigned on request.

What are your breach notification timelines?
Personal data breaches are notified within 72 hours in line with GDPR requirements.

Talk to us about your requirements.

Whether you need SaaS, on-premise, or a partner deployment, we can walk through what fits your environment.
