Security policy

Principle: Security is a core element of VitoNode

At VitoNode, the security of your data, devices, and systems is a top priority. Our platform has been built from the ground up to meet the highest technical and organizational security standards – both at the hardware and software levels.

Data security

To ensure that your sensitive data is always protected, we use modern encryption protocols and security measures during both transmission and storage.

Encrypted transmission: All data communication between devices and servers is secured via TLS/SSL (e.g. for MQTT and HTTPS protocols).
End-to-end encryption (E2EE): For highly sensitive applications, we support encrypted communication from device to application level.
Access via authentication only: Access to the web platform is protected by secure login (email + password). Passwords are stored in encrypted form (never in plain text).

Device security

Each device is equipped with built-in protections to ensure that only authorized hardware can communicate with the platform – reliably, even under continuous use.

Hardware identification: Each device is assigned a unique serial number and is authenticated during platform registration.
Secure onboarding: Software activation only occurs after physical purchase and manual entry of the serial number – unauthorized remote access is not possible.
Firmware updates: All updates are encrypted and integrity-checked (OTA – Over-the-Air) to prevent tampering.
Watchdog mechanisms: Devices perform routine self-checks and report anomalies automatically.

Platform & account security

We use comprehensive user account protection and access control mechanisms to ensure secure account handling and structured permission management.

Role-based access control: Access to data is strictly limited to assigned user roles. Permissions can be defined in detail for each user group.
Location privacy through free labeling: Location data (e.g. building section, room) can be freely labeled (e.g. “Room A” instead of real addresses), making it harder for third parties to infer physical locations.
Session management: Active sessions can be monitored and terminated at any time by administrators.

Infrastructure & hosting

Our hosting infrastructure meets high security standards and is located entirely within the EU – protected by physical access control, firewalls, and monitoring.

Server locations: All data is stored exclusively on servers located within the European Union.
Access control: Our hosting environment is secured with physical and digital safeguards (e.g. firewalls, access restrictions, monitoring).
Regular backups: Daily backups ensure data availability and recovery in case of emergency.

Security for connected devices (smart devices)

VitoNode enables the connection of external smart devices or connectable equipment – but only under clearly defined, secure conditions that ensure safe control and traceability.

Secure interfaces: VitoNode connects to smart home or building devices using only encrypted and documented interfaces.
No control without authorization: Automated control functions are activated only if explicitly authorized by the user.
Action logging: All commands are logged transparently (e.g. when an air purifier is triggered due to a threshold violation).

Reporting security incidents

Security thrives on communication. If you discover a potential vulnerability or suspect a security issue, please notify us immediately – confidentially and responsibly.

Email: contact@vitonode.com
Your report will be handled confidentially and reviewed according to our responsible disclosure process.

Continuous improvement

We believe that security requires continuous attention, regular improvement, and a responsible mindset — not just technical solutions. We continually invest in the improvement of our security architecture.

• Regular penetration tests and code audits
• Ongoing security training for our team
• Monitoring of emerging threats and technical developments

Response protocol in case of a data breach

If a data breach or security incident occurs despite our best efforts, VitoNode follows a structured and transparent response process:

Immediate containment and risk mitigation
Internal investigation to determine the scope, origin, and potential impact
Notification of affected users within 72 hours, in accordance with GDPR requirements
Coordination with supervisory authorities where applicable
Implementation of follow-up security measures to prevent recurrence

All incidents are documented and reviewed as part of our continuous improvement strategy.

Audits, security testing & best practices

VitoNode applies robust internal processes and industry-proven security practices throughout product development and operation. Our security measures include:

Regular internal code reviews and secure development workflows
Penetration testing before major releases and deployments
Data hosting on secure, GDPR-compliant infrastructure within the EU
Use of reliable encryption and authentication standards, including TLS 1.2+
Continuous monitoring of vulnerabilities and proactive risk mitigation

We treat security as an ongoing responsibility and continuously refine our systems to meet evolving technical and regulatory requirements.
