The protection of your privacy and your personal data is important to us. Our team works intensively in the background to keep your data secure, protected and private. This is reflected in the design of our software.

Encryption at rest

All data stored in Falcon's operational network is encrypted using AES-256. This applies to all types of stored personal information such as first and last names, email addresses, activities or measures. The key management is exclusively under the control of Nordantech. All encrypted values are signed using a message authentication code (HMAC-SHA-256) so that the underlying value can not be modified or tampered with once encrypted.

Encryption in transit

Falcon uses the latest encryption technology to encrypt traffic in transit using TLS 1.3 protocols, AES-256 encryption and SHA-256 signatures. The key exchange is secured using RSA-2048 encryption. Mail transmission is also encrypted using opportunistic TLS.

Multi-factor authentication

With two-step confirmation (2FA) by a TOTP authenticator app or sending a HOTP via SMS or email, user accounts can be additionally secured in case unauthorized persons get hold of a password. Once activated, users must enter a confirmation code when logging in to confirm their identity. The security settings of a hub allow the mandatory setting of 2FA for all users.


Falcon will soon support authentication via SAML. Connect your company's SSO environment and manage Falcon users centrally via your IT.

IP filter

Achieve more security with Falcon's IP filter. The use of Falcon can be restricted to a stored CIDR Allowlist. This means your resources are only accessible from your internal company network.

Audit log

Falcon provides a comprehensive audit log. Export all operations within Falcon for analysis and tracking of all your users' actions.

Server in Germany

All Nordantech servers are located in Germany. Falcon thus complies with the requirements of the German Data Protection Act and the EU General Data Protection Regulation. In the event of higher resource consumption and heavier loads on the infrastructure, Falcon simply adds further server instances within a few minutes. This way Falcon does not break a sweat even in stressful situations. Falcon's front-end and back-end are delivered worldwide via a Content Delivery Network (CDN) with more than 300 edge locations. This not only reduces latency during transmission and SSL handshake, but also ensures a secure connection through a global and secured network.

ISO certified data centers

All data centers are ISO 27001 certified and offer a world-leading security standard. The data centers are protected by security guards, video surveillance, alarm systems, emergency power supply, security protocols, authentication rules, etc. 24 hours a day, 365 days a year.

Backups at different locations

All data is stored physically redundant and encrypted (AES-256) in high-security data centers. Automatic point-in-time backups at different locations prevent data loss in exceptional situations such as hardware failure or natural disasters. Falcon's systems operate physically redundant in different availability zones. In this way, we reduce the risk of downtime during unforeseen events such as accidents and disasters. In addition, we regularly perform disaster recovery tests on test systems.

Resistance to attacks

IDS and IPS monitor all networks and/or systems for malicious activity and scan suspicious content. Heuristics-based network flow monitoring and built-in mitigation of common and most prevalent DDoS attacks ensure that IT systems are resilient to attacks. To prevent flooding or breadth-first attacks, Falcon sets an upper limit on how many times someone can repeat an action within a given time frame - for example, attempting to log in to an account (API rate limiting and login throttling).

XSS validation and antivirus

Falcon considers all incoming input values as unsafe and validates them before further processing on the server side. In the process, the inputs are also scanned and filtered for cross-site scripting. All uploaded files are automatically scanned for malware and other threats by Falcon's antivirus service. So you can always be safe and download files from Falcon worry-free. A Web Application Firewall (WAF) further protects all systems from common Internet threats and bots that can affect availability or security, or place an excessive load on resources.

Notifications of unusual logins

The security of user accounts is enhanced by email notifications sent when a login is attempted from an unknown device or internet browser. These messages provide information about the device from which someone tried to sign in and the location of the device. This allows Falcon users to respond immediately to suspicious logins. Additionally, logins from new devices or new locations must always be confirmed with a confirmation code for security reasons.

System status always visible

To ensure timely handling of vulnerabilities and security incidents, Falcon has extensive monitoring systems for different levels (application, system, infrastructure). Vulnerabilities or security incidents can thus be quickly identified, assessed and dealt with. All customers are informed about security incidents in a timely manner. In case of a problem that leads to a restriction of the use of Falcon, but also to build the trust relationship with our customers and partners, we publish the status and availability of the software and all distributed systems for the last 12 hours, 7 days, 30 days and the whole year on our status page.

Code analysis and pentests

All deployments of Falcon's source code are fully automatically checked for errors and inconsistencies using unit and integration tests as well as static code analysis. In this way, problems are already detected during development. Regular penetration tests by external cyber security experts confirm Falcon's high level of security and provide us with important insights for all ongoing improvements. We use state-of-the-art standards in the areas of authentication and session management, access control, data validation, logging, error handling, data security and cryptography.

Delimited networks

Nordantech divides its systems into separate networks to better protect sensitive data. Systems that support testing and development activities are hosted on a separate network, separate from application systems. Sensitive systems, such as database servers, have no public interfaces and can only be accessed internally over private networks. Network access to Falcon's production environment is only possible with 4096-bit keys via a standby bastion host and IP-restricted to Nordantech.

Nordantech and the GDPR

For Nordantech, security and privacy are of paramount importance. Our customers attach great importance to the following important questions, which we answer here.

  • Are my data secure in Falcon?

    Nordantech uses a variety of methods to protect your data. All data is stored encrypted using AES-256 and transmitted over secure connections. We are proud to exceed applicable industry security standards with Falcon and are constantly working to improve the security, redundancy, stability, and performance of our service. Many of our security procedures are also described on this website.

  • Where is Falcon hosted?

    For the operation of Falcon, we exclusively use our own servers in the German data center (Frankfurt) of our provider Amazon Web Services. The data is stored encrypted using AES-256 within our own private cloud (VPC) and is not accessible to third parties. Additional servers within the EU are also used for the active connection between the front- and backend. A current overview of all subcontracting relationships can be found here.

  • Who owns the data transmitted to Falcon?

    Nordantech does not become the owner of your data at any time. You, the customer, own and control all content submitted to Falcon. We process your data on your behalf. We do not use or process your data for any other purpose beyond your request. You can find all further information on the handling of your data in our current privacy policy.

  • Does Nordantech retain my data after the end of its use?

    The default setting is that all data is stored as long as a Falcon hub exists. All test hubs are automatically deactivated after 30 days and released for deletion after another 3 months. For paid hubs, the situation is different after deactivation. These are archived for a period of 12 months for security reasons and only then released for final deletion. All data released for deletion (also via Falcon's trash function) will be permanently and irretrievably deleted after 3 months. If you wish an earlier manual deletion, please contact us.

  • What export and security options are available to me?

    All administrators can export all hub data (profiles, schedule, effects, status) at any time. Each export is accompanied by an email with a download link and the location information of the requesting user. The download is then possible for 3 days. After this period, the export file will be deleted.

  • Does Nordantech conclude contracts for order data processing?

    Of course we have a standard order data processing (so-called ADV contract). This can be concluded at any time. If required, simply contact us personally.

Do you have questions about security in Falcon?

Get in touch with us! Our experts will talk to you about your requirements and security in Falcon.

Newsletter illustration Your contact: Arne Brenneisen
Your contact: Arne Brenneisen

We would like to use cookies to improve the usability of our website.