● Security & Privacy
Your data stays in France. Always.
AWS Paris infrastructure, AES-256 encryption, full GDPR compliance. Here's exactly how we protect your customers' and your team's data.
AES-256
encryption in transit & at rest
France
EU-only hosting
GDPR
fully compliant
Infrastructure & hosting
- ✓Exclusively hosted in AWS Paris datacenters.
- ✓No data transfers outside the European Union.
- ✓Infrastructure certified ISO 27001 and SOC 2 Type II.
- ✓24/7 security monitoring with automatic alerts.
Encryption & technical protection
- ✓AES-256 encryption for all data in transit and at rest.
- ✓Daily encrypted backups with geographic replication.
- ✓Secure connections (HTTPS/TLS) across all communications.
Access control
- ✓Principle of least privilege: access strictly limited to authorised personnel.
- ✓Immediate access revocation when a team member leaves.
- ✓No anonymous access to customer data.
GDPR & sub-processors
- ✓You are the data controller. Review Collect acts as data processor.
- ✓Data used for a single purpose: collecting and analysing customer reviews.
- ✓No sensitive data within the meaning of Article 9 of the GDPR is processed.
- ✓Authorised sub-processors: Amazon Web Services EMEA SARL (infrastructure, EU), Brevo SAS (email and SMS, EU).
- ✓Designated DPO: dpo@review-collect.com
Retention & data subject rights
- ✓Personal data retained for the duration of the contract, then deleted within 30 days of termination.
- ✓Anonymised analytics data retained for a maximum of 24 months.
- ✓Anonymisation on written request within 30 calendar days.
- ✓Any rights request forwarded within 24 hours.
Questions about your data security?
Our DPO will get back to you.