FileMorph operates under German law (Hamburg).
Compliance assertions on this page cite German statutes (HGB §257, AO §147, DSGVO Art 17). This English translation is provided for accessibility — the German version is the authoritative legal text in case of conflict.
FileMorph Compliance Edition
Run FileMorph on citizen data — with a signed DPA, a liable EU contact, and an SLA.
Self-hosted behind your firewall. The open-source engine is free under AGPLv3; the Compliance Edition adds the contract behind it — Art. 28 DPA, support SLA, signed releases, and someone accountable. EU vendor with German imprint.
Internal use is already free under AGPL-3.0 — here is why ↗. You pay for accountability, not permission.
Design Partner Programme: 3 spots, 6 months free. Apply →
Engineering proof before contract
SHA-256 audit log
Every operation in a continuous hash chain. Tampering with an old row breaks every following one.
Signed image + SBOM
cosign keyless OIDC, cryptographically signed git tags, CycloneDX-JSON SBOM in every GitHub release.
PDF/A-2b veraPDF-validated
Conformance gate runs as CI workflow. No release without green veraPDF against a worst-case source PDF.
Tier overview
Priced by server volume, not per user seat. Binding terms are agreed in the personal conversation.
| Tier | Scope | Price / year |
|---|---|---|
| Compliance Starter | 1 server, ≤ 50 employees | € 990 |
| Compliance Standard | 3 servers, ≤ 2,000 employees | € 7.490 |
| Compliance Enterprise | unlimited servers, dedicated onboarding, custom SLA | from € 24.900 |
KRITIS and air-gap variants on request. All tiers include commercial license, DPA template, signed Docker image and support SLA.
Prices per year. Small-business operator under §19 UStG (German VAT Act): no VAT is shown on invoices or charged.
Why a Compliance Edition?
Public authorities, hospitals and law firms often may not process citizen and client data through public cloud conversion services — the GDPR data chain and the EVB-IT contract framework set tight limits here. At the same time, the typical IT department lacks the bandwidth to maintain a conversion backend on its own.
FileMorph closes this gap: the open-source engine covers 16+ format pairs and runs on your own Hetzner / on-premises / air-gap infrastructure. The Compliance Edition additionally provides the contracts, SLAs and roadmap guarantees that an EVB-IT-compliant procurement requires.
What's in the Compliance Edition
Commercial license
Lifts the AGPLv3 publication obligation for internal in-house developments + public citizen-portal integrations.
Data Processing Agreement (DPA)
GDPR Art. 28-compliant DPA — drafted jointly in the pilot conversation and adapted to your authority or clinic specifics.
Audit log with hash chain
SHA-256-chained operations log, ISO 27001 A.12.4.1 / BORA §50 / BeurkG §39a.
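The hash-chained audit log described above (and under "SHA-256 audit log" earlier on this page) can be illustrated with a small model of such a chain. This is an added example, not FileMorph's own code or schema: each row's hash covers the previous row's hash plus a canonical encoding of the row payload, so editing an old row, even if its own hash is recomputed, breaks the link to every row that follows. The row layout, the genesis sentinel and the sample operations are assumptions constructed for the demonstration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed sentinel standing in for "no previous row"


def row_hash(prev_hash: str, payload: dict) -> str:
    """SHA-256 over the previous row's hash and a canonical JSON payload."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + "\n" + canonical).encode("utf-8")).hexdigest()


def append_row(log: list, payload: dict) -> dict:
    """Append one operation; its hash chains to the current tail of the log."""
    prev = log[-1]["hash"] if log else GENESIS
    row = {"seq": len(log), "prev_hash": prev, "payload": payload,
           "hash": row_hash(prev, payload)}
    log.append(row)
    return row


def verify_chain(log: list):
    """Walk the chain from genesis. Returns (True, None) if intact,
    otherwise (False, seq) for the first row that no longer links up."""
    prev = GENESIS
    for row in log:
        if row["prev_hash"] != prev or row_hash(prev, row["payload"]) != row["hash"]:
            return False, row["seq"]
        prev = row["hash"]
    return True, None


def tamper_and_rehash(log: list, seq: int, new_payload: dict) -> None:
    """Model an attacker who edits an old row AND recomputes that row's own hash.
    The edited row is self-consistent, but the next row still stores the old hash."""
    log[seq]["payload"] = new_payload
    log[seq]["hash"] = row_hash(log[seq]["prev_hash"], new_payload)


def build_sample_log() -> list:
    """Constructed sample operations (not real FileMorph log entries)."""
    log = []
    for op in [
        {"op": "convert", "user": "clerk-a", "src": "application.docx", "dst": "application.pdf"},
        {"op": "convert", "user": "clerk-b", "src": "scan.tiff", "dst": "scan-pdfa.pdf"},
        {"op": "delete", "user": "clerk-a", "target": "application.pdf"},
    ]:
        append_row(log, op)
    return log
```

Editing a row in place fails verification at that row; editing it and recomputing its hash fails at the following row instead, which is why only re-hashing the whole tail could hide the change.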
PDF/A-2b output
Conformance secured by veraPDF CI gate against a worst-case source PDF — for beA attachments, citizen-application archiving, BSI TR-RESISCAN.
Signed releases + SBOM
cosign-signed Docker image, cryptographically signed git tags, CycloneDX-JSON SBOM in every release. Aligned with the open-source + SBOM provisions of the EVB-IT reform (March 2026).
Support SLA
Response-time targets by severity — critical 4 h, high 24 h, medium/low in the next regular release. Targets apply Mon–Fri 09:00–18:00 CET, excluding German public holidays.
Design Partner Programme
Three spots. Six months free. Direct influence on the Compliance Edition roadmap.
What you give
Logo mention as pilot customer (optional). Roadmap feedback every four weeks. Willingness to prioritize feature tickets.
What you get
Full Compliance Edition. Onboarding together with the maintainer. Priority bug hotfixes.
Who's a fit
Public authority, clinic IT, law firm with a concrete GDPR conversion use case. We filter for pilot readiness — not every applicant fits.
What we deliver compared to typical alternatives
A rough orientation to the provider categories commonly found in DACH RFPs. In individual cases a specific product may do more, so please check each one individually.
| Criterion | FileMorph Compliance | Typical open-source converters | Typical SaaS converters |
|---|---|---|---|
| Self-hosted (data stays in-house) | ✓ | often ✓ | rare |
| GDPR DPA template in German form | ✓ | rare | varies |
| Audit log with hash chain | ✓ | varies | varies |
| PDF/A-2b veraPDF-validated | ✓ | varies | varies |
| Multi-format (image + audio + video + sheet) | ✓ | often limited to one area | often ✓ |
| EU vendor with German imprint | ✓ | varies | varies |
| Commercial license on AGPL code | ✓ | rare | not applicable |
The table describes typical characteristics of the named provider categories and is not a definitive comparison of specific products. Individual providers may do more or less — please check the current offer directly with the manufacturer.
Trust basis before contract
You can fully audit FileMorph before the first conversation. All relevant security and architecture documents are freely accessible:
- Security Disclosure Policy — RFC 9116, with response times and scope.
- Architecture overview — Mermaid diagram and request lifecycle ↗.
- STRIDE threat model — threat-mitigation anchors per category ↗.
- AGPLv3 for public authorities — when publication obligation applies, when not ↗.
- Patch policy — versioning, CVSS bands, signed artefacts ↗.
- Incident response plan — escalation, post-mortem template ↗.
- Sub-processor list — GDPR Art. 28 annex ↗.
- Account-deletion design — DSGVO Art. 17 self-service flow, incl. the HGB §257 / AO §147 tax-retention edge case ↗.
- Source code — full GitHub repository ↗.
Frequently asked questions
Do you also host if we can't operate ourselves?
The Compliance Edition is self-hosted. If you can't operate your own infrastructure, filemorph.io (Cloud Edition) is the right path — different data class, different contracts, no EVB-IT anchor.
What happens if we cancel?
You keep the code (AGPLv3 stays). You lose the commercial license, the updated DPA, new releases with compliance features, and the support SLA. Existing installations continue running — no lock-in via forced updates.
How does AGPLv3 behave with citizen-portal integrations?
For a publicly accessible service integration, the AGPL publication obligation applies. The commercial license lifts it — you can integrate FileMorph into a citizen portal without disclosing your portal's source code. Detail in docs/agpl-fuer-behoerden.md ↗.
Do I need the Enterprise tier for KRITIS?
The Standard tier is enough for most KRITIS requirements (self-hosting, audit log, signed artefacts). Enterprise becomes relevant once an air-gap update mechanism, reproducible builds or a dedicated support SLA are required. We clarify this in 15 minutes by phone.
What does the data export look like if we migrate?
FileMorph is stateless for conversions — there is nothing to export apart from the audit log (Postgres, SQL-dumpable) and configuration (env vars). Migration to a successor is a SQL-dump + container-image question, not a vendor lock-in.
What we're transparent about
- External ISO 27001 certification and external pen test are planned as Year-2 roadmap items — both will be implemented as soon as the first paying pilot economically justifies the effort.
- Reproducible builds and air-gap update mechanism are also Year-2 (required for the KRITIS variant, not critical in the standard tier).
- We name it because an RFP reviewer would notice anyway — and because we prefer to keep the roadmap transparent rather than embellished.
Ready for a 15-minute pilot call?
You're evaluating conversion software for a public authority, hospital or law firm? Write to us with your use case — we respond within one business day.
Confidential inquiries via security.txt are encrypted with the same key.