Our engineering stance on security.
Watasu is built on principles that bias toward isolation, transparency, and operational discipline. This page covers what's actually in place today — and is candid about what isn't yet.
Where your data lives
All workloads run in EU-only data centers — two in Germany (Nuremberg and Falkenstein) and one in Finland (Helsinki). Watasu has no US data plane, no transatlantic transfers, and no third-country processing in the customer request path. EU residency by default; GDPR posture is the starting point, not an upgrade tier.
Network isolation by default
Every team gets its own isolated Kubernetes namespace. The default network policy is deny: no app reaches any other app — including those in your own team — unless you explicitly grant trust. External outbound traffic (DNS, public APIs, your webhooks) is allowed by default. Trust grants are directional and per-app via watasu apps:trust — the only way one of your apps reaches another's private TCP services.
Encryption in transit
Every managed *.watasuhost.com URL ships with TLS terminated at the platform ingress. Custom domains get certificates provisioned and renewed automatically — you point a CNAME, Watasu handles the rest. No certificate uploads, no expiry to babysit.
Multi-DC resilience by default
The moment you scale a process to two or more replicas, Watasu spreads them across both German data centers. No configuration, no extra fee. A single-DC failure can't take down a redundantly-deployed app. Premium add-on tiers extend the topology further — Valkey Premium runs triple-zone HA across both Germany and Finland; PostgreSQL followers and geo-replicated object storage can use any of the three zones.
Backups, the safer way
Managed databases (PostgreSQL, Valkey, ClickHouse) all support backups. Standard and Premium tiers ship with scheduled backups by default; every tier supports manual backups. Restore is intentionally non-destructive: instead of overwriting your live database in place, Watasu restores into a replacement add-on you can verify. When you're ready, you promote it into the original's role. The original stays around until you explicitly destroy it. A whole class of "we restored the wrong thing" incidents simply can't happen.
Credentials and secrets
Application secrets live in config vars — encrypted at rest in the control plane, injected as environment variables at runtime. They never sit in your Git repository. Each add-on attachment ships its own scoped credentials: one object storage add-on means one bucket and one access key pair. No IAM gymnastics, no shared credentials between unrelated apps.
Source-backed infrastructure
Every change to the platform goes through code: Terraform for cloud resources, Ansible for system config, Helm charts for in-cluster components. We don't run undocumented one-offs against the live cluster. Every production change has a corresponding commit in our internal source control — no console hotfixes, no drift between what's documented and what's actually running.
No vendor lock-in
Your code runs as a standard container image. There's no proprietary build artifact, no platform-specific runtime contract, no Watasu SDK to import. The same image runs on Watasu, on your laptop, on any Kubernetes cluster, and on any other PaaS. Walk away whenever you want.
Prepaid billing as a security feature
Because Watasu is prepaid, an attacker who compromises one of your apps can't run up an open-ended bill against your card. Usage stops when the balance runs out — apps pause, they don't silently invoice you for tens of thousands.
What we don't have yet
We're early-stage. A few things people often ask about that aren't shipped yet:
- · Formal compliance certifications (SOC 2, ISO 27001) — on the roadmap, not yet shipped
- · Externally-audited penetration test reports — internal review only at this stage
- · Bug bounty program — coming after we expand the security team
- · DPA / Data Processing Agreement template — available on request via security@watasu.io
If your buying process requires any of these, write to info@watasu.io. We'll tell you honestly where we are and what timeline we can commit to.
Report a vulnerability
Found something? Email security@watasu.io. We respond within one business day and work with reporters in good faith — no legal threats for genuine security research under standard responsible-disclosure norms.