Divako

Trust & security

We take your data seriously.

Divako carries metering data for utilities, municipalities and housing across the Nordics - including personal consumption data about real households. That data is your responsibility, and protecting it is ours. Here's how we host it, who can touch it, and the standards we build to.


  • EU data residency: hosted in European data centres
  • Role-based access: RBAC · SSO · SCIM
  • Full audit log: every action, traceable
  • Encrypted: in transit & at rest

Data ownership

Your data stays yours.

The meter readings, consumption profiles and customer records in Divako belong to you, not to us. We process them so you can run your service - nothing more. We never sell metering data, never share it with third parties for advertising, and never use it to train anything.

You can export everything you put in, at any time, in open formats - REST, MQTT, SFTP or a full data-lake export. If you leave, you take your data with you, and we delete our copy on request.

  • You own your data; we're only the processor
  • No resale, no ad-tech, no model training on your data
  • Export anytime in open formats - no lock-in
  • Deletion on request when you offboard

Standards & compliance

Building to the standards EU utilities are held to

We're a small, focused team - and we're putting the same governance behind our platform that our customers are accountable for. Here's an honest picture of where we are.

ISO/IEC 27001:2022

We're building our information security management system (ISMS) to ISO/IEC 27001:2022. ISO 27001-aligned controls are in place today and certification is in progress - we're not certified yet, and we won't claim to be until we are.

NIS2-aligned

Many of our customers are essential and important entities under NIS2. We operate NIS2-aligned controls - risk management, incident handling and reporting, supply-chain security - so we fit cleanly into your obligations rather than complicating them.

GDPR

Metering data is personal data. We process it as your data processor under a DPA, keep a record of processing activities, and support data-subject requests. Data stays in the EU unless you explicitly export it elsewhere.

ISO/IEC 27002 controls

Our day-to-day practices map to the ISO 27002:2022 control set - access management, cryptography, change management, backups, logging and vendor risk - and we track each control's status as we mature the programme.

Working through a procurement security review? We're happy to share our current control status, our DPA and sub-processor list. Get in touch and we'll send them over.

Hosting & residency

Hosted in the EU, encrypted end to end.

Divako runs on EU-region cloud infrastructure (Microsoft Azure). Your metering data is stored and processed inside the EU and does not leave it unless you choose to export it.

Data is encrypted in transit (TLS) and at rest. Backups are encrypted and tested, and the platform's live uptime and incident history are public - no surprises, no quiet outages.

  • EU data residency on Microsoft Azure
  • Encryption in transit (TLS) and at rest
  • Encrypted, tested backups
  • Public uptime & incident history

Access & accountability

Who can touch your data - and proof of who did

Access is least-privilege by default, and everything that happens is logged. You stay in control of who in your organisation sees what.

SSO & MFA

Single sign-on with multi-factor authentication. SCIM provisioning so leavers lose access automatically.

Role-based access

Granular roles scope users to the sites, devices and actions they need - nothing more. You set the boundaries.

Full audit log

Every meaningful action is recorded - who did what, when. Exportable for your own reviews and audits.

Incident response

A documented incident-response process with defined contacts, so if something happens you hear it from us - clearly and promptly.

Talk to us

Doing a security review?

We'll walk you through our controls, hosting and data handling - and share our DPA and sub-processor list. No salesy hand-waving.