This page summarizes how HopToDesk Dashboard Pro is built, hosted, and secured. We aim to give honest, specific answers rather than marketing claims. If you need anything not covered here for a vendor review, contact us at contact@hoptodesk.com.
Hosting and Infrastructure
HopToDesk Dashboard Pro runs entirely on managed cloud infrastructure from established providers. We do not operate our own datacenters.
- Dashboard, API, database, and file storage: a major edge cloud platform that maintains ISO/IEC 27001 certification and a SOC 2 Type II report at the platform level. The primary database is located in the United States.
- Signal (peer rendezvous) and realtime relay networks: ISO/IEC 27001 certified datacenters in the European Union (Germany) and the United States.
Encryption
- In transit: all dashboard, API, and client traffic is encrypted with TLS.
- At rest: dashboard data (database, object storage, and key-value storage) is encrypted at rest at the platform level.
- Remote sessions: remote control sessions between devices are end-to-end encrypted.
Authentication and Access Control
- Account passwords are stored only as salted hashes, never in plaintext.
- Optional two-factor authentication (TOTP) for accounts.
- Single sign-on via SAML for organizations.
- Role-based access control for team members.
- Scoped, revocable API keys for integrations.
- An admin activity audit log that records who did what, with export to CSV or JSON for ingestion into a SIEM.
Sub-processors
To operate the Service we rely on a small number of vetted third-party providers for hosting, email delivery, payment processing, and optional AI features. Each processes only the data needed for its function. We maintain a current list of our sub-processors and provide it to customers on request and as part of our Data Processing Agreement. To request it, contact us at contact@hoptodesk.com.
Data Residency
Dashboard account and configuration data is stored on our managed cloud infrastructure, with the primary database currently located in the United States. The signal and realtime-relay networks include a European Union (Germany) location, but those broker connections and relay traffic in real time and do not persistently store session content or corporate data.
We do not currently guarantee European Union data residency for dashboard data. Organizations with strict EU data-residency requirements should contact us before purchasing so we can confirm whether we can meet your needs.
Certifications and Compliance
Our underlying infrastructure providers are independently certified as described above. HopToDesk itself does not currently hold an independent SOC 2 Type II or ISO/IEC 27001 certification. The dashboard includes a compliance readiness tracker for your own internal self-assessment; it is a self-assessment tool, not a third-party attestation. We are happy to complete reasonable security questionnaires as part of your vendor review.
Reporting a Security Issue
If you believe you have found a security vulnerability, please report it to contact@hoptodesk.com. We appreciate responsible disclosure and will investigate all legitimate reports.