MeinDatensatz
DE EN
GDPR-compliant · End-to-end encrypted · Made in Germany

GDPR Transparency
at the push of a button

Companies provide customer data securely. End customers can view and correct it — without manual effort, without plaintext data in the cloud.

View pricing Contact us

Trusted by companies · Servers in Germany

AES-256 / XSalsa20
Encryption at rest
GDPR Art. 15 & 16
Automated compliance
0 plaintext records
In database or logs
OTP-only login
No password risk
How it works

We see no data.

All encryption operations happen in the browser. What our servers store is exclusively ciphertext — mathematically unreadable without the passphrase.

01

Upload data

The company transfers customer records to MeinDatensatz in encrypted form. The original data never leaves the secure transfer as plaintext.

02

Send invitation

End customers receive a single-use signed access link by email. The passphrase is transmitted separately — secure by design.

03

View & correct data

The end customer unlocks their data with the passphrase, reviews it, and sends corrections back — encrypted, audited, tamper-proof.

Features

Everything you need for GDPR subject access

No custom development. No operations. Ready to deploy immediately.

End-to-end encryption

XSalsa20-Poly1305 (libsodium). No plaintext in database or logs. Passphrase is never stored.

Single-use access token

Only HMAC-SHA256 hash stored. 7-day expiry. After unlock: session-based access with 30-min idle timeout.

OTP authentication

No password risk: admins sign in with a one-time 6-digit code — maximum 5 attempts per hour.

Complete audit log

Every access, every change, every export is logged tamper-proof — without PII in the logs.

Tenant isolation

Full data isolation. All database queries are tenant-scoped. No cross-tenant access possible.

Automated email invitations

End customers receive a signed link with your tenant branding. No sensitive content in the email body.

FAQ

Frequently asked questions

Can't find what you're looking for? We're happy to help.

Each record gets a random 32-byte key (dataset_key) with which the payload is encrypted via XSalsa20-Poly1305. The dataset_key itself is encrypted with a key derived from the customer passphrase (Argon2id) — the passphrase is never stored.
Since the passphrase is derived client-side and never stored, it cannot be reset. The company can create a new record with a fresh invitation. This process is intentionally designed this way — no back-door.
MeinDatensatz was built for GDPR subject access (Art. 15) and correction (Art. 16). No plaintext data in DB or logs, complete audit trail, servers in Germany. A data processing agreement (DPA) is available on request.
An API for automated record import is planned (Phase 2). Currently, records can be added via the admin interface or import mechanisms. Contact us for enterprise integrations.
Any structured fields — name, address, contract data, CRM attributes — are stored as an encrypted JSON payload. The format is flexible and configurable per tenant.
Invitation links are valid for 7 days. After the first successful unlock, the session stays active for 30 minutes of idle time before expiring. The token itself cannot be reused afterwards.
Response time: usually within 24 hours on business days →

Ready for GDPR subject access without manual effort?

Contact us — we typically set up your tenant within one business day.

Get in touch View pricing