ID verification via NFC
Clients identify themselves on first contact using the German ID card (eID via NFC on the phone). It’s compliant with the German Money Laundering Act and replaces PostIdent — typically 5–15 € saved per client.
Security add-on for any Vlux network. Blocks the port for everyone except the gateway — maximum data sovereignty for your sensitive data. Strong enough for law firms and medical practices (GDPR-compliant), simple enough for any private user. Made in Germany.
Each layer works on its own. Together they form a defense in depth that holds even if a single layer fails.
Only allowed IPs reach the Bastion container at all. Everything else is blocked before the server.
Every connecting device identifies itself with its own certificate. Without a valid certificate — no connection.
Docker with AppArmor and Seccomp profiles. The Bastion process can’t reach anything outside its sandbox.
Inside the tunnel, another Vlux-specific token check. Two independent layers of auth instead of one.
Suspicious behavior — many failed logins, unusual load spikes — is throttled and reported automatically.
No single layer makes a system secure. But anyone facing five hurdles usually gives up before that — and that’s exactly what Bastion is built for.
Three setups where Bastion becomes essential — law firms, tax advisors, medical practices. Private users and businesses get the same security level for their own data.
Client files and evidence stay inside the firm. Clients don’t need an account, just a trust code.
Vlux Bastion · VluxPC · VluxApp Learn moreIn law firms, client data is the most valuable — and the most risky. With cloud solutions like SharePoint or DATEV, data flows through provider infrastructure, clients need accounts with logins, and every new client onboarding costs PostIdent (5–15 €) for the money-laundering act identification.
Vlux Bastion changes that: client files stay on a hardened server inside the firm. Clients get a one-time trust code — no account, no password. Identification runs via NFC reading of the German ID card, compliant with the money-laundering act. The free client app is enough.
On top of that: recordings of client meetings, video damage assessment and other evidence media are managed in the same system — end-to-end encrypted, evidence-grade versioned, full data sovereignty of the firm.
In beta With Vlux Drive: files and evidence sit only on the central Bastion server, lawyers’ PCs show skeletons. If a laptop is stolen, no client data remains on the disk.
Receipts, payroll and advisory documentation safely between client and firm — without DATEV lock-in.
Vlux Bastion · VluxPC · VluxApp Learn moreReceipts, payroll, annual statements — sensitive client data that often moves through the DATEV cloud or unencrypted email today. Both paths have downsides: DATEV costs 5–15 € per user per month, email is insecure.
With Vlux Bastion, clients get a free app. They send receipts via photo straight into the firm, end-to-end encrypted, without an account. The receipts land sorted on the firm’s Bastion server, the tax advisor accesses them directly — no cloud in between.
Advisory recordings, conference documentation and client meeting audio are managed in the same system — versioned, evidence-grade, never in a foreign cloud.
Patient data, sonography videos and OR recordings stay inside the practice — hardened against outside attacks.
Vlux Bastion · VluxPC · VluxApp Learn moreMedical practices face strict privacy requirements — patient records must not end up in cloud services subject to foreign law. At the same time, practices need practical ways to share findings between staff and exchange patient data with referring specialists.
Vlux Bastion provides a hardened server inside the practice. Patient records, finding photos, sonography videos and OR recordings stay physically inside the practice network. The Bastion server protects with five layers of defense against outside attacks, without the practice team having to be IT pros.
Media evidence — image findings, OR recordings, progress documentation — are managed in the same system as the records. Patients receive their own recordings via trust code to their phone, without an account.
Three properties we don’t find with any direct competitor — particularly relevant for licensed professionals, but available to every Vlux user.
Clients identify themselves on first contact using the German ID card (eID via NFC on the phone). It’s compliant with the German Money Laundering Act and replaces PostIdent — typically 5–15 € saved per client.
No login, no password, no forgotten credentials on the client side. A single trust code is enough for the whole engagement. Usable even for less tech-savvy clients.
The VluxApp is free for clients. Unlike DATEV, where client accounts cost 5–15 € per user per month, the firm pays once for Bastion. Scales without per-client running costs.
What Bastion delivers in every use — and what professional rules of conduct require.
Your data sits on your own devices. You keep full control — no foreign server, no provider looking in.
AES-256-GCM between sender and recipient. Nobody in the middle reads along.
Built in Schleswig-Holstein. Relay servers in Germany.
No cookies, no third-party tracking, no third-party services — on this site or in the product.
The beta phase is starting now — with a fixed group of testers.
The beta is running with a fixed group — we're not accepting further applications at this time. General availability is coming; then VluxNet will be open to everyone.
If you need a secure solution right now, reach out anyway — we'll find a way.
Send urgent request