Live200 robots in operation across Europe as of May 2026.Live44 OEM partners and counting. Three new this month.Live11 European countries operational. Germany, Austria, Switzerland, France, Italy, Spain, Netherlands, Denmark, Sweden, Poland, United Kingdom.LiveFirst humanoid on Floor 2, Hamburg senior living. Week 12 of operation.PublishedCost-reduction case with a care group. Double-digit cost offset, year one.Live200 robots in operation across Europe as of May 2026.Live44 OEM partners and counting. Three new this month.Live11 European countries operational. Germany, Austria, Switzerland, France, Italy, Spain, Netherlands, Denmark, Sweden, Poland, United Kingdom.LiveFirst humanoid on Floor 2, Hamburg senior living. Week 12 of operation.PublishedCost-reduction case with a care group. Double-digit cost offset, year one.
werob.

Security

Security at werob

Last updated 26 May 2026

werob deploys robots from multiple manufacturers into live operations. Those robots carry our customers' video, sensor and process data. This overview describes how we protect that data. It applies to the werob brand, operated by CITO GmbH.

Encryption

Data is encrypted in transit over public networks with TLS (version 1.2 or higher) and at rest with AES-256. Video streams and sensor reports are protected end-to-end, including automatic redaction of personal data (PII).

Access control

Role-based access control (RBAC) from day one, multi-factor authentication (MFA) required for administrative accounts, and single sign-on via SSO/SAML available. Least-privilege applies by default: staff hold only the permissions their role requires. Every action is recorded in an audit log.

Data residency in the EU

Customer data is processed within the European Union. Infrastructure is multi-region to support data sovereignty and resilience. Where a subprocessor processes data outside the EU, it does so only on the basis of appropriate safeguards under Art. 44 et seq. GDPR.

Resilient infrastructure

Multi-region operation with regular backups and defined recovery objectives. Disaster-recovery procedures are documented and tested so that operations can continue through a disruption.

Responsible use of AI

We do not train models on customer data. Prompts and documents are never shared between tenants. The platform is built with tenant isolation, and AI-assisted output is designed to remain traceable.

Incident response

If we become aware of a personal-data breach, we notify affected customers and, where required under Art. 33 GDPR, the competent supervisory authority without undue delay, typically within 72 hours. Security-relevant logs are retained for at least one year.

Standards and frameworks

Frameworks we build to and operate against: in production or in progress toward implementation and certification.

EU 2023/1230ISO 13482IEC 62443ISO/IEC 27001DSGVO / GDPR

Report a vulnerability

If you discover a potential security issue, please report it responsibly to info@werob.de with the subject line "Security". We acknowledge receipt and keep you informed as we work on it. Please hold off on public disclosure until the issue is resolved.

Documents on request

A data processing agreement (Art. 28 GDPR) including standard contractual clauses, the current list of subprocessors, and a security overview are available to customers on request. Write to info@werob.de.

See also