Trust Center
Our security commitment to protect your compliance data.
EU Hosting
Data residency
All data is hosted within the European Union, ensuring full compliance with GDPR and digital sovereignty requirements.
Infrastructure provider
Our infrastructure is hosted on certified European cloud providers, with data centers located in France and the EU.
Data Protection
Encryption at rest
All data is encrypted at rest using AES-256 encryption. Database backups are also encrypted.
Encryption in transit
All communications are encrypted via TLS 1.3. We enforce HTTPS on all endpoints with HSTS headers.
Data isolation
Each organization's data is strictly isolated using a multi-tenant architecture with Row-Level Security (RLS) on PostgreSQL.
Backups
Automated daily backups with point-in-time recovery. Backups are stored in a separate EU region for disaster recovery.
Application Security
Authentication
Secure authentication with JWT tokens, multi-factor authentication (MFA), and role-based access control (RBAC) per entity.
Vulnerability management
Regular dependency scanning, automated security testing in CI/CD, and a responsible disclosure policy.
Audit logging
All significant actions are logged with immutable audit trails. Logs are retained for regulatory compliance purposes.
Secure development
We follow secure development practices: code review, SAST/DAST analysis, and security-focused architecture review.
Certifications
GDPR
Fully compliant with the General Data Protection Regulation
ISO 27001
Certification in progress
SOC 2 Type II
Planned
Subprocessors
We work with a limited number of carefully selected subprocessors, all located within the European Union.
| Subprocessor | Purpose | Location |
|---|---|---|
| Scaleway | Cloud infrastructure hosting | France, EU |
| Anthropic | AI assistant (Claude) | EU data processing |
| Resend | Transactional emails | EU |