Technical Information on the Global Changer Software


As of: June 2025


  • Software as a Service (SaaS): We operate the software in the cloud. Users access their account via their web browser.

  • ISO 27001 / External Audit: We have an information security management system certified according to ISO 27001. The certificate can be requested here: https://trust.globalchanger.com/. Additionally, we successfully conducted an external penetration test in Q3 2024, which is repeated annually.

  • Data Storage Location: Our web servers and databases are exclusively hosted in AWS data centers in Germany (Frankfurt am Main). All uploaded documents are stored with additional security measures. Note: To further increase security for our customers, we are migrating to dedicated servers in Germany (Hetzner) by July 2025. From July 2025 onward, our AI will also run on GPUs exclusively provided for us by a German hosting partner.

  • Interfaces to Your Systems: No interfaces to your existing systems are required. If they are useful from a functional perspective, integrations can be implemented. Your contact person will gladly advise you on this.

  • GDPR Compliance: We strictly follow the requirements of the GDPR and only store data essential for delivering our services.

  • Data Usage: Your data is, of course, not shared with other companies.

  • Encryption: All network traffic is always HTTPS-encrypted (QUIC, X25519, AES_128_GCM, TLS v1.3).

  • Passwords: We do not store passwords directly. They are only stored as salted hashes using industry-recognized libraries.

  • Quality Assurance: We have multiple levels of automated and manual quality assurance. Every piece of source code undergoes peer review, and static code analysis tools are used.

  • Updates: We typically update the software once or twice per week. This ensures you regularly receive new features and security updates. All updates go through a multi-stage release process to ensure functionality. New code is always released internally first.


Details on Global Changer’s System Architecture


To ensure customer data isolation, our services are hosted in a Heroku Private Space (migration to Hetzner in July 2025). To guarantee high availability, we operate all services and the entire network architecture with full redundancy (no single points of failure). The software is operated across all available AWS Frankfurt availability zones. Our database is fully encrypted in transit and at rest using AES 256. Daily, encrypted full backups of all data are created, and their recoverability is regularly tested through “fire drill” exercises. We implement a multi-layer Intrusion Detection and Prevention concept: Traffic is filtered through a Web Application Firewall (WAF) provided by Cloudflare. We use OWASP Top 10 rules, bot detection, country blocks, rate limiting, challenges, and DDoS protection. Heroku also uses an IDPS provider. All traffic is encrypted via HTTPS. We use anomaly detection based on error rates (e.g., HTTP errors) to identify attacks that bypass the WAF. These are stopped in real-time, analyzed afterward, and mitigated. Our hosting environment, as well as our organization, is fully ISO 27001 certified. Our Chief Information Security Officer (CISO) reports directly to the CEO.


Our software adheres to Zero Trust Architecture principles. We are committed to data minimization and offer customers methods for pseudonymization and anonymization. We prefer EU-based subcontractors and have implemented strict access controls (e.g., MFA) and access principles (e.g., need-to-know and least privilege). Login and audit trails are activated wherever possible.

Figure 1: System Architecture of Global Changer


Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.