
TOM Generator (GDPR)

Document the security of your Bricksync server. Check which measures you have implemented, and instantly generate an official PDF document for your records (Technical and Organizational Measures according to Art. 32 GDPR).

Legal Notice:
This tool translates technical configurations into formal legal terminology and creates a template for your documentation. However, it does not constitute binding legal advice. If in doubt, you should have your finished document reviewed by a data protection officer or lawyer.

1. General Data

2. Implemented Measures

Check what you have set up on the server:

100% Local: Your data is not transferred over the internet.

Technical and Organizational Measures (TOM)

according to Art. 32 GDPR

Company: [Shop Name]
Responsible: [Name of Responsible Person]
Date:
System/Purpose: Virtual Private Server (VPS) for running the software 'Bricksync' for inventory synchronization of building block marketplaces.

To ensure the security of processing inventory and order data on the deployed server system, the following technical and organizational measures have been implemented:

1. Physical Access Control

Measures that deny unauthorized persons physical access to data processing systems:

  • The server is operated as a virtual instance in a certified data center of [Host Name].
  • Physical access to the servers is strictly regulated by the hosting provider's security personnel, access control systems, and video surveillance, and is limited to authorized personnel.

2. Logical Access Control

Measures to prevent data processing systems from being used by unauthorized persons:

  • Administrative access is possible exclusively over the encrypted SSH (Secure Shell) protocol.
  • Unauthorized automated access attempts are made more difficult by moving the administrative service off its default port (port obfuscation).
  • Direct administrative login is prohibited ("root" login disabled). Access is personalized and granted according to the least privilege principle.
  • System services automatically defend against brute-force attacks (e.g., Fail2Ban for temporary blocking of suspicious IP addresses).

3. Data Access Control

Measures to ensure that persons authorized to use the system can only access data subject to their access authorization:

  • Strict network isolation through a restrictive firewall (UFW - Default Deny). Only explicitly required external connections are permitted; all other ports are blocked.
  • Configuration files (incl. API keys) are protected by strict file system permissions (chmod 600) and can only be read by the executing service user.

5. Availability Control

Measures to ensure that personal data is protected against accidental destruction or loss:

  • Ensuring system integrity through fully automated, timely installation of security-critical operating system updates (Unattended Upgrades).
  • Regular redundant offline backup of operational business data (Bricksync order files and configuration backups) to local, separated systems.
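The following audit script is an added example, not part of the Bricksync software or of this template: it verifies the server-side settings claimed in sections 2, 3 and 5 (root login disabled, non-default SSH port, UFW default deny, chmod 600 on the configuration file, unattended upgrades) by reading files and captured command output. The function names are hypothetical, and the sample inputs it creates are constructed stand-ins for a live server.

```sh
#!/bin/sh
# Hypothetical audit helper (added example, not Bricksync's own code). Each check
# reads a file or captured output; on a live server point them at /etc/ssh/sshd_config,
# the output of `ufw status verbose`, the Bricksync config and 20auto-upgrades.

# Section 2: root login disabled. sshd honours the first PermitRootLogin it sees;
# no directive means the default (not "no"), which counts as a failure here.
check_root_login_disabled() {
  v=$(awk 'tolower($1)=="permitrootlogin"{print tolower($2); exit}' "$1")
  [ "$v" = "no" ]
}
# Section 2: port obfuscation. All Port lines are honoured, so every one must differ
# from 22; a missing Port line means the default 22. A moved port only reduces
# scanner noise, so Fail2Ban and key-based auth remain the controls that matter.
check_non_default_port() {
  ports=$(awk 'tolower($1)=="port"{print $2}' "$1")
  [ -n "$ports" ] || return 1
  for p in $ports; do [ "$p" = "22" ] && return 1; done
  return 0
}
# Section 3: UFW default deny, read from the "Default:" line of the status output.
check_ufw_default_deny() {
  grep -q '^Default: deny (incoming)' "$1"
}
# Section 3: chmod 600, owner read/write only; ls -l keeps this portable.
check_config_perms() {
  [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}
# Section 5: unattended upgrades enabled in APT's periodic configuration.
check_unattended_upgrades() {
  grep -Eq '^APT::Periodic::Unattended-Upgrade[[:space:]]+"1";' "$1"
}

# Constructed sample inputs standing in for the live server (removed on exit).
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
printf 'Port 2222\nPermitRootLogin no\nPasswordAuthentication no\n' > "$WORK/sshd_hardened"
printf 'PermitRootLogin yes\n' > "$WORK/sshd_default"
printf 'Status: active\n\nDefault: deny (incoming), allow (outgoing), disabled (routed)\n' > "$WORK/ufw_status"
printf 'APT::Periodic::Unattended-Upgrade "1";\n' > "$WORK/auto_upgrades"
printf 'api_key = placeholder\n' > "$WORK/bricksync.conf"; chmod 600 "$WORK/bricksync.conf"

# Runs every check in order; the exit status is that of the first failing measure.
run_audit() {
  check_root_login_disabled "$1" && check_non_default_port "$1" &&
  check_ufw_default_deny "$2" && check_config_perms "$3" &&
  check_unattended_upgrades "$4"
}
run_audit "$WORK/sshd_hardened" "$WORK/ufw_status" "$WORK/bricksync.conf" "$WORK/auto_upgrades" \
  && echo "all TOM checks passed" || echo "a TOM check failed" >&2
```

A passing run gives evidence for the ticked measures; a failing check names the item whose documentation should not be generated until the server has been corrected.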

Location, Date

Signature of Responsible Person