Security & Compliance
Trust is built into how we work, not bolted on afterwards. Square Software treats data protection, secure engineering and Albanian regulatory compliance as standing practices on every project — from the first line of code to production operations. This page describes the posture we actually maintain.
Data protection: Law 9887 and GDPR alignment
Square Software is an Albanian company and processes personal data under Albanian Law No. 9887 “On the Protection of Personal Data”, supervised by the Commissioner for the Right to Information and Protection of Personal Data (IDP). Albanian data-protection law is closely modelled on the EU framework, and we engineer our systems so the same controls satisfy the EU General Data Protection Regulation (GDPR) for clients and end-users in the European Union.
In practice that means data minimisation by default, a lawful basis for every processing activity, honoured data-subject rights (access, rectification, erasure, portability), retention limits, and Data Processing Agreements with the clients on whose behalf we process data. When we act as a processor, we follow the controller’s documented instructions and pass equivalent obligations to any sub-processor.
- Privacy-by-design and by-default in every new feature
- Data Processing Agreements (DPAs) defining controller/processor roles
- Documented lawful basis, purpose limitation and retention schedules
- Support for data-subject requests and breach-notification timelines
Secure software development lifecycle (SDLC)
Security is part of engineering, not a separate gate at the end. Our delivery process embeds review and verification at each stage so vulnerabilities are caught early, when they are cheapest to fix.
- Mandatory peer code review and protected main branches
- Least-privilege access, secrets kept out of source control, scoped credentials
- Dependency and vulnerability scanning in CI; prompt patching of known CVEs
- Encryption in transit (TLS) and at rest for sensitive data
- Separate environments for development, staging and production
- Audit logging and monitoring on production systems
Fiscalization & AKSHI compliance know-how
We build software that has to interoperate with Albanian government systems, so we maintain working knowledge of those regimes rather than treating them as an afterthought. Our team implements fiscalization — the real-time electronic invoicing mandated by the General Directorate of Taxes — including secure handling of fiscalization certificates, signing of invoices, and transmission to the central platform.
For projects that touch e-government infrastructure, we work to the technical and interoperability standards published by the National Agency for Information Society (AKSHI), which governs Albania’s public digital services.
- Fiscalization integration (invoice signing, certificate handling, real-time reporting)
- Familiarity with AKSHI interoperability and e-government standards
- Correct handling of NIPT, tax and invoicing data fields
Where your data is hosted
Hosting location is a decision we make with each client, driven by data-residency, latency and regulatory needs rather than a one-size-fits-all default. For clients and end-users in the European Union, we host on EU-based infrastructure from established providers so data stays within the EU/EEA. Where a project requires Albanian data residency, we host accordingly.
Production environments are isolated from development and staging, access is restricted on a least-privilege basis, and backups are encrypted. We document the hosting arrangement and the sub-processors involved as part of each engagement’s Data Processing Agreement.
An honest note on certifications
We describe practices we genuinely follow, not badges we don’t hold. Square Software does not currently claim a formal ISO/IEC 27001 certification. What we offer is a consistent, documented security and compliance posture — the controls above — applied to every engagement, and we are happy to walk a prospective client through exactly how a specific project would be secured and where its data would live.
Official sources
The regulators and frameworks referenced on this page. We link to the primary sources so you can verify the obligations yourself.
- Commissioner for the Right to Information and Protection of Personal Data (IDP): Albanian data-protection authority supervising Law No. 9887.
- EU General Data Protection Regulation (Regulation 2016/679): The full GDPR text on EUR-Lex.
- General Directorate of Taxes — Albania: Authority responsible for the fiscalization regime.
- Fiscalization platform (efiskalizimi): The official Albanian fiscalization application.
- National Agency for Information Society (AKSHI): Governs Albania’s e-government and interoperability standards.
Company details
- Legal name: Square Software SH.P.K.
- NIPT: M51418039H
- Registered address: Rruga Muhamet Gjollesha, Ndërtesa 30, 1001 Tiranë, Shqipëri
- Registered at: QKB — Qendra Kombëtare e Biznesit
- Registration date: 2025-02-11