Informations légales
Trust center
Security and service continuity are treated as first-class requirements. This page factually describes the measures in place — it is updated whenever something significant changes.
Dernière mise à jour : 1er juillet 2026
1. Access security
- Two-factor authentication (TOTP) enforced across the entire back office, with single-use backup codes.
- Role-based access control (least privilege): each operator only reaches the modules of their function; financial data is restricted to entitled roles.
- Immediate session revocation on password change, 2FA reset or account deactivation.
- Timestamped audit log of sensitive actions (logins, denied accesses, team and configuration changes).
2. Data protection
- Encryption in transit (TLS 1.2/1.3) across all services.
- Encryption at rest (AES-256-GCM) for sensitive data: contracts, HR records, payout details, integration secrets.
- Strict tenant isolation: partners and clients only ever access their own data (structural server-side control).
- AI assistants: no ability to act on data from public surfaces; third-party content is treated as data, never as instructions.
3. Continuity & backups
- Encrypted backups following the 3-2-1 rule: three copies, two media, one remote site (European Union).
- Recovery points: critical data every 6 hours, full daily backup.
- Restoration TESTED under real conditions (last test: July 2026 — 100% integrity verified). Recovery time objective: under one hour.
- Continuous monitoring (availability, resources, certificates) with immediate team alerting.
4. Incident response
- Documented and rehearsed incident procedures (outage, restore, compromise).
- Personal data breach: notification to the supervisory authority (CNIL) within 72 hours and communication to affected individuals where required (GDPR art. 33-34).
- Vulnerability reporting: RFC 9116 security.txt (link below) — good-faith reports are welcome.
5. Compliance
- GDPR: records of processing, public privacy policy, article 28 DPA available below.
- Transfers outside the EU: European Commission Standard Contractual Clauses (2021/914) where required.
- Invoicing and accounting: double-entry engine with integrity chaining, ready for the French e-invoicing mandate (2026-2027).
6. Subprocessors
Subprocessors with access to data as part of the service. Any addition is reflected on this page with 30 days' notice; you may object on legitimate grounds.
- Hostinger — Application hosting (VPS) · European Union
- IONOS — Remote backup site · European Union (Germany/France)
- Cloudflare — CDN, DNS, protection, email routing · EU/United States (SCCs)
- Stripe — Payments · EU/United States (SCCs)
- Resend — Transactional email · United States (SCCs)
- Anthropic — AI assistant (text processing) · United States (SCCs)
7. Documents
- Data Processing Agreement (DPA, GDPR art. 28)
- Service Level Agreement (SLA)
- security.txt (vulnerability reporting)
Security or due-diligence questions: security@pageoneboost.com — answer within 2 business days.