Conformant with the National Security Framework
Facturaz has completed a self-assessment against the Spanish National Security Framework (ENS, RD 311/2022) at the BASIC category and holds a signed Declaration of Conformity.

How we protect your data
Concrete controls, not promises. Here is what is in place today.
Encrypted in transit and at rest
All traffic uses TLS (HTTPS) with HSTS; data is encrypted at rest by our infrastructure providers.
Per-user data isolation
Access to every record is enforced at the database level (Row-Level Security), so one customer can never see another’s data.
Two-factor authentication (2FA)
Protect your account with a second factor (authenticator app, TOTP); a stolen password alone is not enough to get in.
Strong password policy
Minimum 12 characters with upper-case, lower-case and a digit, enforced identically at sign-up, reset and change.
Audit logging
Security-relevant actions are recorded in an append-only log that cannot be altered or deleted.
EU data hosting
Database, authentication, storage and compute all run entirely within the European Union.
Backups
Managed backups are enabled, with a documented restore procedure.
Secure development
Every change runs through type-checking, code analysis and automated dependency auditing.
Abuse protection
Anti-bot verification on registration and per-endpoint rate limiting.
Built on certified infrastructure
Facturaz runs on leading infrastructure providers that maintain ISO/IEC 27001 and/or SOC 2 certifications. Payments are handled by a PCI DSS Level 1 payment processor; we never store card numbers.
Data protection (GDPR)
We minimise data, restrict access, keep audit logs and respect your rights. We act as data controller and use processors under data-processing agreements. See our Privacy Policy.
Invoice with peace of mind
Enterprise-grade security and ENS conformity, included in every plan.
Last reviewed: May 2026.