
Platform
Multi-tenant architecture
Workspace-isolated environments, each with its own users, projects, and data — fully separated per customer/tenant.
Project & organization management
Create and manage organizations (clients/customers), projects, and link them together. Track project members with three types: internal, customer, and external.
Time tracking with approval workflow
Timesheet entries per project/user with a formal verification flow. Built-in accountability between team members and project managers.
Role-based access control
Roles with distinct permissions, so internal staff, clients, and external collaborators each see only what's relevant to them.
Contract & budget tracking
Per-project contracts with budget, contracted hours, hourly tariff, currency, consumed/invoiced/remaining hours and amounts — real-time budget burn visibility per client contract.
Task management & Meeting notes
Task items per project and per user, with status tracking.
Create and append to meeting notes per project, with attendee tracking — a running, collaborative record of project meetings.
Frequently asked questions
Your data is stored entirely within the European Union on infrastructure provided by Leaseweb Amsterdam, Netherlands. All primary storage, databases, backups, and logging systems run exclusively on EU-based servers. No data ever leaves European jurisdiction.
- At Rest: All data stored on disk is encrypted using AES-256, the industry standard for strong symmetric encryption. This includes databases, object storage, and file systems.
- In Transit: All communication between your browser and our servers, as well as internal service-to-service traffic, is encrypted using TLS 1.2+ with modern cipher suites. We enforce HSTS to prevent downgrade attacks.
- Backups: Backup snapshots are encrypted before leaving the primary storage layer and remain encrypted at rest in the backup destination.
- Frequency: Incremental backups are taken every 6 hours, with full snapshots performed daily.
- Retention: Daily backups are retained for 30 days, weekly full backups for 90 days.
- Location: All backups reside on separate infrastructure within the same Leaseweb Amsterdam data center, ensuring they never leave the EU.
- Testing: Backups are regularly tested for integrity and successful restoration as part of our disaster recovery drills.
Leaseweb's Amsterdam data center facilities implement enterprise-grade physical security, including:
- 24/7 on-site security personnel and CCTV surveillance
- Biometric and badge-based access controls
- Redundant power supplies (UPS + diesel generators)
- ISO 27001 and SOC 2 Type II certifications
We follow the principle of least privilege. Access is tightly controlled:
- Only authorized engineering and ops personnel can access production systems, requiring multi-factor authentication (MFA) and VPN connectivity.
- All access is logged and auditable. We maintain an immutable audit trail of every privileged action.
- Customer data is logically isolated per tenant—we never share databases between accounts.
- No third-party vendor or partner has access to your data.
Yes. Since all data processing and storage occurs exclusively within the EU, your data is never subject to foreign surveillance frameworks or cross-border transfer mechanisms (such as Standard Contractual Clauses). Additionally:
- We operate as a Data Processor under GDPR and offer a signed Data Processing Agreement (DPA) upon request.
- We support Data Portability—you can export your data at any time in standard formats.
- We support the Right to Erasure—upon verified request, your data can be permanently deleted within 30 days, including from backups.



