Skip to content
Français

Security & Trust

How we protect your data and meet enterprise security expectations.

Last updated: 2026-04-18

1. Encryption

  • Data at rest: AES-256.
  • Data in transit: TLS 1.2 or higher; HSTS enabled.
  • Key management: managed by our hosting provider (Cloudflare).

2. Access Control

  • Role-based access control (RBAC) for all internal systems.
  • Multi-factor authentication mandatory for all personnel with access to personal data.
  • Comprehensive audit logs for all access to and modifications of customer data.
  • Least-privilege provisioning, reviewed quarterly.

3. Sub-Processors

Our complete and current sub-processor list is published at /sub-processors. We notify customers of any addition or change with at least 30 days advance notice (per DPA §5).

4. Incident Response

We notify the controller (customer) of any personal data breach without undue delay and in any case within 72 hours of becoming aware of the breach, in line with GDPR Art. 33 and our DPA §7. Our incident-response procedures cover detection, containment, controller notification, root-cause analysis, and post-incident review.

5. NIS2 Readiness

We are preparing for the obligations of Directive (EU) 2022/2555 (NIS2) as transposed into French law (Loi du 3 octobre 2024 relative à la résilience des activités d'importance vitale). Customers subject to NIS2 may request our security questionnaire and current attestations at [email protected].

6. Vulnerability Disclosure

Security researchers are invited to disclose vulnerabilities responsibly to [email protected]. Please refer to our /.well-known/security.txt file for the latest contact details and PGP key.