We operate in the critical infrastructure sector - data security is our top priority.
The choice of architecture (cloud or on-premise), infrastructure partners, and technical controls is aligned with water utility operator requirements. Below is a clear and honest overview of what is available today and what is planned for the coming quarters.
The customer chooses the model that matches their security policy and internal requirements.
The application runs on Google Cloud Platform infrastructure in the European region. The customer does not maintain server infrastructure - we handle hosting, updates, backups, and monitoring.
Full platform installation on customer servers. Data never leaves the organization's infrastructure - a typical choice for utilities with a policy of keeping critical data in their own network.
Both options run the same software - they differ only in data location, billing model, and scope of infrastructure responsibility.
In the SaaS model, we host the platform on Google Cloud infrastructure in the European region.
All data is stored in European Google Cloud data centers. No data transfer outside the European Economic Area - GDPR compliance without additional standard clauses.
PostgreSQL database hosted in Cloud SQL Enterprise with automatic backups, point-in-time recovery, and optional high availability (HA).
Google Cloud encrypts data at rest and in transit by default, without extra configuration. Encryption keys are managed by Google, with optional customer-managed keys (CMEK).
Automatic Cloud SQL backups with configurable retention. The database can be restored to its state at any point in recent days (point-in-time recovery).
Google Cloud Platform, the infrastructure we host on, holds the following security certifications, regularly validated by independent auditors:
Choosing Google Cloud as the core infrastructure means our customers inherit a broad set of built-in protections and compliance controls delivered by a global cloud operator with top industry standards. We build our own organizational and technical processes on the same standards and best practices, in close cooperation with water utility customers.
What specifically protects data inside the HydroNexis platform.
All client-application communication is secured with HTTPS/TLS. This covers the web portal, mobile app, and API integrations.
Each user is assigned a role (for example operator, manager, dispatcher) with specific permissions per screen and per action. Permission policy is configurable for each organization.
Data of each organization (tenant) is logically isolated. Users can see only their own assets and operations. Organizations have no cross-access to data.
Every remote pump-control operation (start, stop, range change) is logged with details: who, when, and in which mode. Full audit trail for security-policy compliance.
User passwords follow policy rules for minimum length, complexity, and periodic refresh. Passwords are stored as hashes (scrypt) - never in plain text.
User accounts are never deleted - only deactivated. This preserves operation and reporting history for audit purposes. Password reset is protected by a verification mechanism.
We support water utility operators in meeting Polish and EU regulatory requirements.
All data is processed in line with GDPR. Hosting is EU-only, data is encrypted, and data-subject rights are supported (access, rectification, deletion). A data processing agreement (DPA) is signed with each customer.
The platform generates the reports required of water operators: statistical report M-03, national wastewater program reporting, and reports for sanitary and water authorities. Report formats are updated with current regulations.
The CSZU module automatically monitors permit expiry dates with notifications 90, 60, and 30 days before expiration. Statuses VALID / CRITICAL / EXPIRED are visible on the organization dashboard.
The GIS module (pilot phase) is designed for full compliance with Polish geodetic standards: K-GESUT, BDOT500, EGiB, EMUiA, official GML validation, and geodetic work submissions to PODGiK.
What we plan for the coming quarters. Specific timelines are agreed with customers during the sales cycle.
MFA (TOTP/SMS) for users with access to critical functions. Launch date is agreed during implementation planning with customers.
Single Sign-On with existing customer identity infrastructure (Active Directory, Microsoft Entra, Google Workspace). Timeline agreed individually.
HydroNexis plans organizational ISO 27001 certification as a target state. Today we run on certified Google Cloud infrastructure.
After pilot deployments, we plan regular penetration tests and code audits performed by independent companies. Reports available to customers on request.
We will prepare detailed technical documentation tailored to your IT and compliance requirements.