Security

Security & data persistence

A battery passport must stay live and trustworthy for a decade. Here is how we keep it that way.

Field-level access control

Annex XIII access tiers are enforced on the server, not in the browser. The public passport page is assembled from public-tier fields only — restricted data is never sent to a client that is not entitled to it.

Ten-year persistence

The regulation requires passport data to remain available for years after a battery is placed on the market. Passport URLs are immutable, and data is stored through a storage abstraction so the underlying provider can change without breaking a single link.

Data handling

  • Encryption in transit (TLS) for every request.
  • Strict separation between public and restricted data paths.
  • An audit trail for changes to passport data.
  • Backups aligned with the retention obligation.
This page describes our security approach in general terms. For a security questionnaire or data-processing agreement, contact us.