By George Curta · Last updated 2026-05-282026-05-28

Risk Assessment

Document ID: ISMS-POL-004
Version: 1.0
Assessment Date: December 29, 2025
Next Review: June 29, 2026
Classification: Internal

1. Purpose#

This Risk Assessment identifies, analyzes, and evaluates information security risks to anonym.legal. It provides the basis for risk treatment decisions and security control implementation.

2. Scope#

This assessment covers:

Information assets (customer data, system configurations, code)
Technical infrastructure (servers, databases, networks)
Application security (frontend, backend services)
Operational processes (deployment, monitoring, support)

3. Risk Assessment Methodology#

3.1 Risk Calculation#

Risk = Likelihood × Impact

3.2 Likelihood Scale#

Rating	Description	Probability
1	Rare	< 1% per year
2	Unlikely	1-10% per year
3	Possible	10-50% per year
4	Likely	50-90% per year
5	Almost Certain	> 90% per year

3.3 Impact Scale#

Rating	Description	Business Impact
1	Negligible	Minimal disruption, no data loss
2	Minor	Limited disruption, minor data exposure
3	Moderate	Significant disruption, moderate data exposure
4	Major	Severe disruption, significant data breach
5	Critical	Business threatening, massive data breach

3.4 Risk Matrix#

	Impact 1	Impact 2	Impact 3	Impact 4	Impact 5
Likelihood 5	Medium	Medium	High	Critical	Critical
Likelihood 4	Low	Medium	Medium	High	Critical
Likelihood 3	Low	Low	Medium	Medium	High
Likelihood 2	Low	Low	Low	Medium	Medium
Likelihood 1	Low	Low	Low	Low	Medium

4. Asset Inventory#

4.1 Information Assets#

Asset	Classification	Owner	Location
Customer PII	Confidential	Platform	Database (relational database)
User Credentials	Confidential	Platform	Database (hashed)
Encryption Keys	Confidential	Customer	Database (encrypted)
API Tokens	Confidential	Customer	Database (hashed)
Application Code	Internal	Development	Server/Repository
System Configurations	Internal	Operations	Server
Logs	Internal	Operations	Server

4.2 Technical Assets#

Asset	Type	Location	Criticality
Web Server	Infrastructure	Hetzner Cloud	High
Database Server	Infrastructure	Hetzner Cloud	Critical
Presidio Services	Application	Hetzner Cloud	High
Frontend Application	Application	Hetzner Cloud	High

5. Threat Identification#

5.1 External Threats#

Threat	Description
Cyber Attacks	Targeted attacks, hacktivism
DDoS	Distributed denial of service
Malware	Ransomware, trojans
Social Engineering	Phishing, pretexting
Data Theft	Intellectual property theft

5.2 Internal Threats#

Threat	Description
Insider Threat	Malicious or negligent insiders
Human Error	Misconfiguration, accidental disclosure
Process Failure	Inadequate procedures

5.3 Environmental Threats#

Threat	Description
Hardware Failure	Server/storage failure
Network Failure	Connectivity issues
Power Failure	Data center power issues
Natural Disaster	Fire, flood, earthquake

6. Risk Register#

6.1 Critical Risks#

ID	Risk	Likelihood	Impact	Risk Level	Treatment
R001	Customer data breach via SQL injection	2	5	Medium	Mitigate: Secure ORM, parameterized queries
R002	Credential theft via brute force	3	4	Medium	Mitigate: Account lockout, 2FA
R003	Service outage due to DDoS	3	3	Medium	Mitigate: Rate limiting, Hetzner DDoS protection

6.2 High Risks#

ID	Risk	Likelihood	Impact	Risk Level	Treatment
R004	Unauthorized admin access	2	4	Medium	Mitigate: SSH keys, 2FA, audit logging
R005	Data exposure via API vulnerability	2	4	Medium	Mitigate: JWT auth, feature gating, rate limiting
R006	Encryption key compromise	1	5	Medium	Mitigate: AES-256-GCM, key per user, secure storage

6.3 Medium Risks#

ID	Risk	Likelihood	Impact	Risk Level	Treatment
R007	Session hijacking	2	3	Low	Mitigate: Secure cookies, JWT, HTTPS
R008	XSS vulnerability	2	3	Low	Mitigate: CSP, frontend framework auto-escaping
R009	Dependency vulnerability	4	2	Medium	Mitigate: npm audit, regular updates
R010	Data loss due to backup failure	2	4	Medium	Mitigate: Hetzner snapshots, tested recovery

6.4 Low Risks#

ID	Risk	Likelihood	Impact	Risk Level	Treatment
R011	Minor service degradation	3	1	Low	Accept: Monitoring, auto-restart
R012	Non-critical feature unavailable	3	1	Low	Accept: Graceful degradation

7. Risk Treatment#

7.1 Treatment Options#

Option	Description	When to Use
Mitigate	Implement controls to reduce risk	Risk exceeds tolerance
Transfer	Insurance, outsourcing	Cannot fully mitigate
Accept	Acknowledge and monitor	Risk within tolerance
Avoid	Eliminate risk source	Risk too high, cannot mitigate

7.2 Implemented Controls#

Risk ID	Control	Status	Effectiveness
R001	Secure ORM (parameterized queries)	✅ Implemented	High
R002	Account lockout (5 attempts/30 min)	✅ Implemented	High
R002	Password complexity (12+ chars)	✅ Implemented	High
R002	2FA support (TOTP/Email)	✅ Implemented	High
R003	Rate limiting	✅ Implemented	Medium
R004	SSH key authentication	✅ Implemented	High
R004	Brute force protection	✅ Implemented	High
R005	JWT authentication	✅ Implemented	High
R005	Feature gating	✅ Implemented	High
R006	AES-256-GCM encryption	✅ Implemented	High
R007	Secure cookies (HttpOnly, Secure)	✅ Implemented	High
R007	HTTPS only (TLS 1.2+)	✅ Implemented	High
R008	Content Security Policy	✅ Implemented	High
R009	npm audit in CI	✅ Implemented	Medium
R010	Hetzner cloud snapshots	✅ Implemented	High

8. Residual Risk#

After implementing controls, the following residual risks remain:

Risk ID	Original Level	Residual Level	Notes
R001	Medium	Low	Secure ORM prevents SQL injection
R002	Medium	Low	Multiple controls in place
R003	Medium	Low	Rate limiting + provider protection
R004	Medium	Low	SSH keys + brute force protection
R005	Medium	Low	JWT + feature gating
R006	Medium	Low	Strong encryption, key isolation
R009	Medium	Low	Regular updates, dev deps only

9. Risk Monitoring#

9.1 Key Risk Indicators (KRIs)#

KRI	Threshold	Monitoring Frequency
Failed login attempts	> 100/day	Daily
API error rate	> 5%	Real-time
Vulnerability count (high/critical)	> 0 in prod deps	Weekly
Service availability	< 99.9%	Real-time
Security incidents	Any P1/P2	Immediate

9.2 Review Schedule#

Activity	Frequency
Risk register review	Quarterly
Full risk assessment	Annually
Control effectiveness review	Bi-annually
Threat landscape review	Quarterly

10. Document Control#

Version	Date	Author	Changes
1.0	2025-12-29	Security Team	Initial release

About this page

We update this page when our platform or the law changes.

Read our founder note for how we work.

Each change shows up in the timestamp at the top.

We follow these rules

GDPR (EU 2016/679).
ISO/IEC 27001:2022.
NIS2 (EU 2022/2555).
HIPAA safe harbor under 45 CFR § 164.514(b)(2).

Our promise

We do not sell your data.

We do not train models on your text.

We store your files in Germany.

You can delete your account at any time.

You own your work.

Where we run

Our servers live in Falkenstein, Germany.

We use Hetzner. They hold ISO 27001 certification.

All data stays in the EU.

Backups run every day.

Need help?

Email support@anonym.legal.

We reply within one business day.

How we test

We run a full check suite on every release.

Each surface gets its own sweep script and report.

Human reviewers spot-check the output each week.

We track recall and precision on a labelled set.

Bad runs block the deploy.

What we never do

We never sell your information to third parties.
We never train models on what you upload.
We never keep your work after you delete it.
We never share keys with any outside firm.
We never run ads inside the product.

Plans in plain words

We sell credits, not seats.

One credit covers one short job.

Long jobs use a few credits each.

You can top up at any time.

Unused credits roll over each month.

Read the plans page for current rates.

Who built this

A small team of engineers and lawyers built this.

We ship from Europe and work in the open.

Our founder note spells out why we started.

Where to start

How the parts fit

A browser add-on cleans text inside Chrome.

A Word plug-in handles drafts in Office.

A small desktop tool works on whole folders.

An agent protocol link feeds large models safely.

All four share one core engine and one rule set.

Words from our team

We started this work after a lunch about cookies.

One friend kept getting odd ads on her phone.

We asked why a court file leaked through a draft.

We sketched the first build on a napkin that week.

By month three we had a tiny demo for a friend.

She used it on her first case the next day.

Common questions we hear

Can the tool read scanned PDFs? Yes, with OCR.

Does it work on long files? Yes, in small chunks.

Can I roll my own rule set? Yes, save it as a preset.

Does it run offline? The desktop build runs offline.

Do you keep my files? No, the cloud build wipes after each run.

Will it learn from my work? No, we never train on inputs.

A short tour of the workflow

Upload a file or paste a snippet of prose.

Pick the entities you want gone from the draft.

Choose a method: replace, mask, hash, encrypt, or redact.

Press run and watch the side panel show each hit.

Skim the result and tweak any rule that misfired.

Save the cleaned file or send it to a teammate.