Trust Center
How we handle your data.
Librario is operated by BauCloud GmbH from Munich, Germany — since 2013. This page summarises where your data is processed, which contractual documents are available for procurement and audit, and how we secure the service.
At a glance
Four facts that procurement reviews ask for first.
- 12+ years: Operated continuously by BauCloud GmbH, Munich — since 2013
- EU: Data processed in data centres within the EU
- In the browser: No installation, no local software
- No cookies: No tracking cookies and no third-party scripts on this website
For procurement
Documents & policies
Everything you need for vendor reviews and your own GDPR obligations.
Data Processing Agreement (DPA)
Data processing agreement pursuant to Art. 28 GDPR.
Technical & organisational measures
TOMs pursuant to Art. 32 GDPR.
Sub-processors
A complete, public list of every service provider involved.
Privacy policy
What we collect, why, and for how long.
General Terms & Conditions
General terms and conditions, including the Bitkom modules.
Imprint
Company details, register entry and contact.
Infrastructure
Where your data lives
Where application servers, databases and the search index run.
- Data centres in the EU
  Application, databases and files are processed with established cloud providers in EU regions — including Frankfurt, Amsterdam and Paris. Your team accesses Librario from anywhere; the data itself stays in the EU.
- Daily backups
  BauCloud creates automated, encrypted backups daily — stored geographically separate from the production system. You are also responsible for your own backups; the REST API makes that possible at any time.
- Contracts & safeguards
  Data processing agreements with EU Standard Contractual Clauses are in place with every provider. The full list is available under Sub-processors.
- Your data stays yours
  Your library is retained for the duration of the contract. You can export your data yourself at any time — as BibTeX, EndNote or CSV — or automate it via the REST API. No lock-in.
Application security
How we secure the service
How we keep the service hardened in day-to-day operation.
- Encryption in transit and at rest
- All traffic runs over TLS. Databases, files and backups are encrypted at rest with AES-256.
- Single sign-on via Microsoft Entra ID
- Larger organisations sign in via SSO with Microsoft Entra ID (Azure AD); user accounts are managed centrally through your directory. Available on enterprise plans.
- Strict tenant isolation
- Every database query is scoped to its organisation; cross-organisation access is ruled out.
- Password hashing with bcrypt
- Passwords are stored only as bcrypt hashes, never in plain text.
- Security analysis on every change
- Every code change runs through an automated Brakeman security analysis and a scan for known vulnerabilities in dependencies.
- The complete list of measures
- The technical and organisational measures pursuant to Art. 32 GDPR are documented in the TOMs.
Honesty first
Our compliance posture
We say openly what is certified and what is not. The data centres where your data lives are certified to ISO 27001 and SOC 2. On that audited foundation, we focus on our core competency: a dependable library system.
GDPR compliance
We operate under EU and German data protection law and provide a data processing agreement pursuant to Art. 28 GDPR, documented TOMs pursuant to Art. 32, and a public sub-processor list.
Certified data centres
Your data lives in the data centres of established cloud providers certified to ISO 27001 and SOC 2. Librario itself deliberately holds no certification of its own — we build on that audited foundation and focus on the library system.
Your data belongs to you
You can export your data yourself at any time — as BibTeX, EndNote or CSV, or via the REST API. After the contract ends, it remains available for four weeks.
Frequently asked questions on security & privacy
- Who has access to my data?
- Only you and the team members you set up an account for have access to your literature and data.
- Can Librario run in our own data centre?
- Librario is a cloud service, designed to be operated by us. Running it on your own servers is only possible as part of an individual premium offer, and we do not recommend it. Tell us your requirements — we will assess what is feasible.
- Is Librario suitable for literature on an intranet?
- Librario is a cloud service: we provide computing power, storage and software over the internet. Access is restricted to your organisation's user accounts only — functionally comparable to an internal company network.
- What software needs to be installed?
- None. Librario runs in any modern browser, with no installation. A standard PDF viewer is all you need to open the PDF files.
- Can we export our data when we cancel?
- Your data belongs to you. For up to four weeks after the contract ends, you can download and back up your publications, collections and attachments yourself.
The company
Who is behind Librario
Librario is built and operated by BauCloud GmbH — a German company headquartered in Munich. Librario has been running continuously since 2013; more than twelve years in the market stand behind the service.
You have a clear contractual partner, with its registered office and place of jurisdiction in Germany — and your data stays portable at any time, via standard formats and the REST API.
- Legal entity
- BauCloud GmbH
- Registered office
- Jörg-Hube-Straße 99, 81927 Munich, Germany
- Commercial register
- HRB 206718, Amtsgericht München
- Managing director
- Dipl.-Ing. (FH) Tobias L. Maier, M.Sc.
- VAT ID
- DE290479250
Questions about security or compliance?
Need a countersigned DPA, answers to a vendor questionnaire, or a specific piece of information? Email us — you will reach the team that operates the service directly.