Logo Icon

Drooms is fully compliant with the GDPR.

Data protection & IT security

Drooms is fully compliant with the GDPR

You trust us with your confidential documents and we take that responsibility seriously by safeguarding your data using the highest security standards and handling protocols available. Drooms is GDPR compliant and always puts the privacy of its customers first. Our dataroom software solution is continuously audited to ensure that we adapt to new technologies as they develop. We also work to keep improving our internal processes for handing your sensitive data.

What is the GDPR?


For any questions or if you need more information please contact our Data Protection Team via: dataprotection@drooms.com

Maximum security and GDPR compliance with Drooms

Measures taken to protect data from unjustified modification, processing or loss:

  • Drooms ISO 27001:2013 and 27018 certified
  • Drooms GmbH fulfills the requirements of the GDPR and is as an organization as well as software GDPR compliant. The data protection report from our Data Protection Officer can be found here
  • Maintenance of servers is taken care of by Drooms GmbH in Frankfurt alone
  • Technical and Customer Support Services directly carried out by Drooms GmbH
  • Regular penetration tests are carried out to assess data security
  • High availability server solutions
  • Detailed real-time analytics down to a single document page
  • Individual granting of review, print, and/or storage authorisations on the user and document level
  • Multi-factor authentication process with PIN and SMS

How we encrypt all data

At Drooms all data transfers are completed via TLS connections only and get encrypted with AES 256-bit.

Where we store all data

The provision of the contractually agreed data processing takes place exclusively in the EU or Switzerland. Any transfer to another third country requires your consent.

Limit access by IP filtering

The possibility to limit data room access at group level to specific devices with specific IP addresses is available. This ensures the data room is only accessed via a specific company network for example.

Data confidentiality

Two factor authentication and access controls are just some of the ways clients have autonomy on how and whether their data is kept.

Vulnerability management

Drooms performs internal vulnerability scans and safety tests. In case of an emergency our disaster scenario plan guarantees that data remains unaffected.

External security audits

As an ISO 27001: 2013 certified company, Drooms GmbH regularly carries out external and internal security audits to ensure safety and comply with regulations.
personal data room

Data room user rights

Sophisticated user rights management and dynamic, personalised watermark for printed documents as well as option to disable "Print-screen" key.

International data room

IP filtering

Limit data room access at group level to specific devices with specific IP addresses.

German data room

Data privacy made in Germany

Drooms is a European company with data protection-compliant servers in Germany and Switzerland and has been awarded the ISO 27001: 2013 Information Security Certificate.

user rights

Personal data

The customer is master of its data. Drooms is a processor and processes your data solely on your instructions and only for the purpose regulated in the contract.

workflows data room

Processing activity

Drooms offers a complete activity reporting of all users in the data room (document access, length of stay etc.) in real-time.

secure data room


Drooms continues to keep data accurate and secure with a system stability/availability of 99,9% per year. No installation of additional plug-ins required due to proprietary technology.

Have questions?

Ask us!


By clicking "Submit", I agree to be contacted by Drooms GmbH or Drooms AG via e-mail or telephone (if provided) in order to process my request and in accordance with Drooms' privacy policy.