Get started

Your data stays in Switzerland.

Noodle Box runs on AWS in Zurich (eu-central-2) with HSM-backed encryption keys. Payments flow through Payrexx — a Swiss merchant relationship you own. nFADP and GDPR compliant by construction, because that's the only way the foundation was ever built.

The Swiss trust stack

Three things every Swiss service business should be able to say about the software running their client list and their cash flow.

Swiss data residency

All Noodle Box infrastructure runs on AWS eu-central-2 in Zurich — from the first line of code, and never anywhere else. Application data, PostgreSQL databases, and file storage all live in the Zurich region. No US data export, no EU-wide fallback regions, no exceptions.

Swiss payment rails

Noodle Box is an official Solution Partner of Payrexx — the Swiss payment service provider based in Thun, Switzerland. Your Payrexx merchant account is yours — TWINT, cards, Swiss merchant rates, no captive processor markup. We can fast-track Payrexx onboarding for new accounts (most are live in a few business days).

Passwordless login

Passkeys (WebAuthn), magic links, and one-time login codes — pick what works for you and your team. No passwords to phish, no SMS codes to intercept, no MFA fatigue. Available today on the Noodle Box platform login.

Payments routed through Switzerland too

Marketplace-style booking tools bundle a captive payment processor with the software — that's where their margin sits, and that's where the lock-in comes from. We're a Solution Partner of Payrexx (Thun, Switzerland) instead. The merchant relationship belongs to you. Funds settle into your Swiss account on Payrexx's normal terms, not via a captive processor that takes its cut first.

We're listed in the Payrexx partner directory — same source of truth as Payrexx's own customer-facing listing.

Payrexx Solution Partner Payrexx Solution Partner

Layered protection

The technical detail behind the trust stack. Encryption, infrastructure, access control, and compliance — the building blocks that make the Swiss claims hold up under scrutiny.

Encryption at rest and in transit

TLS 1.2 or higher in transit. AES-256 at rest across PostgreSQL, application data, and S3 file storage — every key managed by AWS KMS, every key backed by an HSM. No customer data ever stored in clear text on disk.

Zurich infrastructure

AWS eu-central-2 (Zurich) for compute, RDS PostgreSQL for the application database, S3 for file storage. All regional. Redundant power, redundant networking, world-class physical security — all the AWS standards, all anchored to the Swiss region.

Access control

Role-based access control across every workspace. Passkeys (WebAuthn), magic links, and one-time login codes available today. Two-factor authentication (2FA) on all accounts. SSO (SAML/OIDC) for Enterprise.

Compliance

Built to comply with the EU General Data Protection Regulation (GDPR), the Swiss Federal Act on Data Protection (revFADP / nFADP), and Swiss banking-grade payment standards through Payrexx. Data processing agreements available for every tenant.

Incident response

Continuous monitoring across the infrastructure to detect anomalies in real time. Clear escalation paths, defined containment steps, and customer notification timelines that don't depend on a marketing review.

Regular audits

Vulnerability scanning, dependency audits, and internal code reviews on every release. Security posture continuously evaluated as the platform evolves — and AI never trains on your tenant data.

Report a security concern

If you've found a vulnerability or have a concern about how we handle your data, contact our security team at . Every report gets a same-business-day acknowledgement.