Practicle technology & security

Practicle is built as a modern, secure and multi-tenant platform. This page provides an overview of hosting, architecture, security layers, monitoring, backup and compliance features.

Hosting and architecture

Hosting and datacenter

Practicle is hosted in Hetzner's data centers in Nuremberg, Germany. Hetzner's data centers are ISO 27001 certified and fully GDPR compliant, and they fall within the EU legislative framework.

The infrastructure forms a strong technical foundation for data protection, stable operation and compliance related to, among others, NIS2.

Architecture and tech stack

Practicle is a modern web-based platform. The frontend is developed in React and the backend is based on a modular PHP API. The architecture is multi-tenant and designed for scalability, security and flexible extension.

All data access goes through controlled API layers with validation and security filters.

Database and data separation

Practicle uses PostgreSQL as its primary database. The platform is multi-tenant and enforces logical separation, so that each customer's data is isolated. Database queries are parameterized and validated on the server side.

DPA handling

Data processing agreements are handled via Practicle's central customer and management system, where agreement documents, updates and compliance information are all gathered in one place.

Keycloak SSO integration

Practicle supports integration with Keycloak for Single Sign-On and centralized identity management. Keycloak can be used for login, user management, multi-factor authentication, and enterprise identity governance.

Organizations can thus integrate Practicle with their existing IAM solution and achieve consistent security and role-based access control across systems.

Backup and data protection

Backup strategy

Practicle performs automatic hourly backups (3 days of history) and daily backups (30 days of history). Backups are stored in the cloud and can be restored as needed.

Backup monitoring

Backup runs are actively monitored and validated for integrity, and notifications are sent on errors or failures to complete. This ensures that backups are not only taken but also usable.

Customer-managed snapshots

Customers can take snapshots themselves before upgrades and quickly restore their database via a guided restore flow, increasing security during changes and providing flexibility.

Login, sessions and platform security

Sessions and authentication

  • CSRF protection.
  • 2FA support.
  • Automatic session timeout.
  • Account status validation.

Rate limiting

  • IP-based blocking.
  • File-based burst protection.
  • Lockout after failed login attempts.
  • Configurable thresholds.

User access

  • Password hashing and salting.
  • LDAP integration.
  • Role-based access.
  • Secure headers like CSP and HSTS.

Overall assessment

Practicle's login infrastructure is robust and built for secure operation. Protection against brute force, credential stuffing, session attacks, and simple DDoS-like patterns is provided through layered security and intelligent control mechanisms.

Monitoring, auditing and network security

Monitoring

Practicle is monitored by a proprietary monitoring engine that measures server load, latency, API errors, and database health. The system sends notifications when deviations occur, allowing the operations team to respond quickly and proactively.

Audit logging

All key changes are logged with a timestamp for traceability. The audit log meets compliance needs and provides transparency in administrative actions, changes and login processes.

System hardening

Only necessary services are exposed, and the operating system is maintained with security updates. API calls are validated server-side, and input is checked to prevent injection attacks.

Firewall

Practicle is protected by an effective firewall that filters unwanted traffic, scans and brute force attempts before they reach the application. Only necessary ports are open, and the rules are reviewed continuously.