nextway® trust center

Companies world‐wide, trust us with their business and their data. 
Each day we strive to deserve and preserve that trust.

The trust center collects all the latest information on the 
security, reliability, privacy, and compliance of our products and services.

Our Software as a Service offerings

When you run Nextway.cloud, you are in capable hands. Everything runs with the Microsoft Azure datacenter in Frankfurt, backed up by a similar datacenter in Berlin. Everyday operation of Next® is handled by our own staff with the help of external Azure experts.


We protect your data with strong encryption in transit and at rest. We enfore authentication and support enterprise SSO using SAML, OAuth, and OIDC.


We run with Microsoft Azure. We mirror your data continuously, and back them up each night to a separate datacenter. We keep the backups encrypted and in generations.


Nextway is SOC 2 certified by Deloitte. Next® is certified according to ISAE 3000 and IDW PS880. Microsoft Azure is certified to SOC 2, ISO 27001, ISO 27018, and many more.


We are committed to privacy and GDPR. We run everything with European staff. We keep data in Frankfurt and manage the encryption keys ourselves.

Our Support and Consultancy

You know it, and we know it. Our support and consultancy efforts are as important as the software products they compliment – software with knowledge and experience. To deliver these services efficiently and securely is top of mind at Nextway.

Best practice

We support you efficiently and securely, based on documented best practices. See Company policy: Information security in support and consultancy below.

Learn more


Your secrets are safe with us. Each employee at Nextway is selected carefully and has signed a comprehensive non-disclosure agreement (NDA).

Data processing agreement

When we support and consult you, we may gain access to personal data you hold. For that we must have a data processing agreement in place.

Learn more


We are committed to privacy and GDPR. We run everything with European staff and keep data encrypted with own keys inside Europe.

Our Internal Systems and Processes

Some may think that our internal processes are none of your business. We respectfully disagree.

You have every right to expect that Nextway has systems and processes in place, to secure that we deliver quality software, and take good care of the data we have from you. Our SOC 2 certification addresses every aspect of this.

In the cloud and on prem

We run a unified IT infrastructure at IT Relation, in Azure, and with selected Cloud vendors. Multi factor enterprise authentication is in place.

Continuous delivery

We develop our Next software to the highest standards and complement manual testing with loads of automated tests.

Our privacy policy

We keep data on our customers, suppliers, and employees. But also on prospects and people who visit our website.

Learn more


We are totally committed to privacy and GDPR. We minimize the amount of data we keep. And what we do keep, we protect rigorously.

Incidents affecting the security of data

No matter how hard we try, incidents will happen. Besides our ability to avoid incidents, we would like to be measured on our ability to handle these incidents. And on the openness with which we do so.

Report an incident

If you believe that data is at risk, don't hesitate to contact our helpdesk by phone or email. You'll find your local contact information below.

Learn more


If you have questions regarding privacy and other issues related to security, feel free to call us. Or send us an email at privacy@nextway.software.


If you want to complain about our processing of your personal data, you do so to your local data protection agency.

Learn more


01-04-22: Next® 2.0, Next® as a Service, and Nextway are not affected by the recent Spring4Shell RCE 0-day vulnerability (CVE-2022-22965).

This incident however serves a severe reminder to keep your software – including Next® – up to date. Outdated software is inefficient and dangerous.

If you would like to know more, feel free to reach out to your Nextway contact.

12-12-21: Next® 2.0, Next® as a Service, and Nextway are not affected by the recent Log4j RCE 0-day vulnerability (CVE-2021-44228).

19-03-21: Investigations show that no data from our mail server was exposed. All affected infrastructure has been replaced.

10-03-21: Nextway infrastructure was compromised by the Hafnium hack. No external data is expected to be exposed in the incident. Update will follow.