Security and trust

Your catalog files are handled with the same care as our own back-office

Encryption at rest, encryption in transit, EU infrastructure, short retention. No slogans, just facts.

The pillars of our security

Encryption at rest and in transit

All application data is stored encrypted on disk (AES-256). Connections use TLS 1.3 with HSTS.

Data hosted within the European Union

VPS infrastructure in the EU. No catalog data is transferred to non-EU regions without your explicit consent.

Minimal retention

Imported catalog files are automatically purged 90 days after the last export. Manual deletions are immediate.

Strict access control

Access to the production perimeter is restricted to a very small team with strong authentication. No access to customer data without an explicit ticket.

Payments delegated to Stripe

We never store your card data. It is sent directly to Stripe (PCI DSS Level 1 certified).

Encrypted backups

Daily automated backups, themselves encrypted, with a rolling 30-day retention.

AI and privacy

The AI providers we use (OpenAI, Anthropic) are configured in zero data retention mode and never train their models on your data.

Compliance and rights

GDPR — we are a processor under Article 28. A DPA is available on request.
You can export all your data at any time from your account.
You can delete your account and all associated data from your settings.

Report a security issue

If you think you've found a vulnerability, write to us at our dedicated address. We respond within 48 business hours.

security@ecomptimize.com