WeldSuite takes the security of your data and our infrastructure very seriously. We are committed to maintaining the highest standards of security, privacy, and compliance.
Last updated: February 2026
At WeldSuite, security is not an afterthought — it is fundamental to everything we build. We understand that our customers trust us with their most sensitive business data, and we take that responsibility seriously. Our security programme is designed to protect the confidentiality, integrity, and availability of your data at all times.
We continuously invest in our security infrastructure, processes, and team to ensure we meet and exceed industry standards. Our approach is proactive: we identify and address potential risks before they become issues.
WeldSuite is fully compliant with the General Data Protection Regulation (GDPR). As a company headquartered in the Netherlands, we are subject to European data protection laws and have built our platform with privacy by design and privacy by default.
WeldReach B.V. acts as a data processor when processing personal data on behalf of our customers, and as a data controller for data we collect directly from visitors and users. We offer Data Processing Agreements (DPAs) to all customers and ensure that any data transfers outside the European Economic Area are protected by appropriate safeguards, including Standard Contractual Clauses.
We support your rights under the GDPR, including the right to access, rectify, erase, and port your data. We also provide tools within the platform to help you manage data subject requests from your own customers and contacts.
WeldSuite has achieved SOC 2 Type II compliance, independently audited by a third-party firm. This certification validates that our security controls and processes are designed and operating effectively over time across the five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.
Our SOC 2 report is available to customers and prospective customers under NDA. Please contact us at [email protected] to request a copy.
All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. We enforce HTTPS across all our services and use HSTS headers to prevent downgrade attacks.
All customer data stored on our servers is encrypted at rest using AES-256 encryption. Database backups and file storage are also encrypted. Encryption keys are managed through a secure key management system with strict access controls.
Our infrastructure is hosted on leading cloud providers within the European Union. We utilise multiple availability zones to ensure high availability and redundancy. Our network architecture includes firewalls, intrusion detection systems, and DDoS protection to safeguard our services against external threats.
We conduct regular vulnerability scans and penetration testing by independent security firms. All findings are triaged, prioritised, and remediated according to their severity. Our infrastructure is continuously monitored for anomalies and potential security incidents.
Access to customer data is strictly limited to authorised personnel who require it to perform their job functions. We follow the principle of least privilege across all our systems. All access to production systems requires multi-factor authentication and is logged and audited.
All employees undergo background checks and receive security training upon joining and annually thereafter. Access rights are reviewed regularly and revoked immediately upon role changes or departure.
WeldSuite processes customer data solely for the purposes of providing, maintaining, and improving our services. We do not sell customer data to third parties. We do not use customer data for advertising purposes. Data processing is governed by our Data Processing Agreement, which is available to all customers.
Our primary data processing facilities are located within the European Union. Where data is processed outside the EU, we ensure appropriate safeguards are in place in accordance with GDPR requirements.
We maintain a comprehensive incident response plan that covers detection, containment, investigation, remediation, and notification. In the event of a security incident that affects your data, we will notify you without undue delay and no later than 72 hours after becoming aware of the incident, in compliance with GDPR requirements.
Our incident response team is available around the clock. We conduct regular tabletop exercises and post-incident reviews to continuously improve our response capabilities.
We use a limited number of third-party sub-processors to help us provide our services. Each sub-processor is carefully vetted for security and compliance before engagement. We maintain Data Processing Agreements with all sub-processors and regularly review their security posture.
We will notify customers of any changes to our sub-processor list at least 30 days in advance. A current list of our sub-processors is available upon request by contacting [email protected].
Under the GDPR and other applicable data protection laws, you have the right to access your personal data, to request correction of inaccurate data, to request deletion of your data, to restrict or object to certain processing, to data portability, and to withdraw consent where processing is based on consent.
WeldSuite provides tools within the platform to help you exercise these rights. For any requests that cannot be handled through the platform, or if you have any concerns, please contact us directly.
If you have any questions about our security practices, compliance certifications, or wish to report a security concern, please contact us:
WeldReach B.V.
Hoofdweg 76, 6744WN, Ederveen, Netherlands
Chamber of Commerce (KVK): 96541636
VAT: NL867653929B01
Security: [email protected]
Privacy: [email protected]
If you believe you have discovered a security vulnerability in WeldSuite, please report it responsibly to [email protected]. We appreciate your help in keeping our platform safe.