Trust isn't declared. It's documented.
Where the data lives, who can touch it, what happens when something fails — the decisions behind a decade-long partnership, written for the people whose job is to ask.
Your data never leaves the European Union.
Production, backups, and analytics for all three products run on OVHcloud in France — Gravelines and Roubaix. One data residency, an audited European supply chain, and no transfers to third countries.
GDPR and CNDP aligned, by construction.
GEERD operates under both the GDPR (EU) and Law 09-08 / CNDP (Morocco). Data processing agreements, subject-access workflows, and retention controls are built into every product — and the whole setup is reviewed annually by an independent third party.
Every access is named, every action is traced.
SAML and OIDC single sign-on out of the box, SCIM provisioning, and role-based access control across BrightStep, EasyClass, and AlmaHub. Every change is attributed and timestamped in a full audit trail, and backups are encrypted.
Eight years running, zero data loss.
99.8% measured annual uptime, multi-region failover, and daily encrypted backups. Eight years in operation, zero data-loss incidents.
What your DPO will ask for, we've already prepared.
The data processing agreement, answers to your security questionnaire, and audit summaries are available on request through the contact page. We answer compliance requests within five working days.
A compliance question?
DPO, IT director, procurement committee — write to us directly. A real person answers.
Contact usLooking for the legal notice on website data? See the Data Protection page.