- Sovereign, certified hosting in France
- Technical, physical and organizational safety
- Data confidentiality, integrity and availability
- Compliance, Governance and Continuity
Data Comply One (ex Mission RGPD) is committed across every area that contributes to the security of your data: employees, physical security, data access, hosting and networks, logs, availability, audits.
Access to your account is secured by several protection mechanisms and we will scrupulously protect your data. Your data is encrypted both in transit and at rest in our databases.
Data Comply One (ex Mission RGPD) guarantees that your documents are protected against any modification, through strict control of your data and a policy of regular backups.
Your data is replicated in real time in 3 separate data centers in France, automatically switching from one to the other within seconds in the event of an incident.
Sovereign, certified hosting in France
Our platform is based on the Visiativ cloud, hosted in Free Pro data centers located exclusively in France, certified ISO 27001 and HDS (Hébergement de Données de Santé). These infrastructures benefit from network and electrical redundancy (2N), fire detection systems to APSAD R13 & VESDA standards, and an availability commitment of 99.982%. The data centers are more than 300 km apart, to guarantee a geographically robust disaster recovery plan.
Technical, physical and organizational safety
- Documented information security policy, validated by Visiativ DSSI
- Regular penetration tests by external experts
- Dedicated cybersecurity team (DSSI/RSSI) at Visiativ + technical management at Data Comply One (ex Mission RGPD)
- IT charter, administrator charter, developer charter
- DevSecOps organization: continuous implementation of security in development cycles
- 6 physical access control points in data centers
- 24/7 video surveillance with trained and authorized SSIAP agents
- Continuous monitoring of access to the premises of Data Comply One (ex Mission RGPD)
- Direct visitor supervision and access log archiving
Data confidentiality, integrity and availability
- Data encryption at rest and in transit (TLS/SSL, HSTS, Perfect Forward Secrecy)
- Strong authentication (email + password + optional 2FA)
- Password encryption using SHA-1, SHA-256 or bcrypt hash functions
- Sensitive data exchanged only via secure tools or encrypted media validated by the IT Department
- Short-life certificates (90 days) automatically renewed
- Strict control of access to source code and production environments
- Full logging of system accesses and actions (audit logs replicated in 3 datacenters)
- Log retention: 1 year, secure access (VPN, 2FA)
- Documented procedures for incident response, analysis, closure and prevention
- In the event of an incident, immediate notification of the customer and guaranteed traceability
- Real-time database replication on 3 separate sites
- Hourly encrypted backups, 12-month rolling retention period
- Daily testing of restoration processes
- Immutable backups stored on multi-site object storage
- Automatic resource scaling (CPU, RAM, disks)
Compliance, Governance and Continuity
- GDPR platform, regular internal audits
- Designated DPO: dpo@www.datacomplyone.com
- Privacy policy
- Exercising individual rights
- Data processing mapping, privacy policy, data protection charter
- Constant monitoring of regulatory developments (GDPR, NIS2, e-Privacy, DORA, AI Act...)
- Integrated DRP/DCP: automatic failover in the event of an incident
- Total reversibility in the event of breakage: data exportable in open formats (CSV, Excel)
- Contractual commitment to complete and secure data return at the end of the contract