Concrete facts — not promises
Here is what is actually in place: where data is hosted, how access is protected, and what you can request for your procurement process.
GDPR & EU hosting
All data is hosted exclusively on OVH servers in the EU (France). OVH is a European provider subject to GDPR. All data transfer is TLS-encrypted. A data processing agreement (DPA) is available on request.
Roles and access separation
The system has three clearly separated roles: portal admin, staff, and borrower. Admins control access, staff manage inventory and loans, borrowers only see and submit requests.
Complete and traceable history
Every loan request, approval, pickup, and return is logged with a timestamp and user reference. The full history is preserved even when staff changes — no data is deleted on role transfer.
Authentication & verification
Login uses JWT tokens stored in HttpOnly cookies — not accessible to JavaScript. Borrowers are verified via university email double opt-in before they can submit any request.
Hosting facts
Hosted on OVH Cloud, EU region (France). Database: PostgreSQL on OVH. No data leaves the EU. No third-party analytics or tracking scripts on the platform.
Available on request
Write to hello@campusverleih.de for a data processing agreement, technical-organizational measures (TOM), sub-processor list, or rollout support. We respond personally — no automated sales flow.
What to request for your procurement process
Send an email to hello@campusverleih.de and specify what you need. We prepare these individually — not as automated PDFs.
Data processing agreement (DPA / AVV) — available on request.
Technical and organizational measures (TOM) covering access control, backups, and incident contact.
Data export: all your data can be exported at any time. Account deletion on contract end.
Direct support via hello@campusverleih.de — no ticket system, no support queue.