Security and privacy, by design
Your core data is hosted in France and the EEA. Specialised processing outside the EEA is protected in line with the GDPR. Our voice agent always states that it is an AI.
Data in France and the EU
Core services hosted with OVHcloud in France and the European Economic Area.
Encryption in transit
All communications are encrypted over HTTPS / TLS.
Multi-tenant isolation
Each organisation's data is isolated from every other.
48-hour notification
For a client data breach, notification where reasonably possible within 48 hours.
Security
Defense in depth, least privilege and a secure development lifecycle. Program aligned with ISO/IEC 27001 Annex A controls, audited internally.
Privacy
GDPR legal bases, bounded retention periods, data-subject rights and an Article 28 data processing agreement (DPA).
Responsible AI
Our voice agent states that it is an AI, redirects emergencies to emergency services, and limits audio processing to what the Service requires.
Subprocessors
Carefully selected subprocessors, controlled data location and mechanisms framing transfers outside the EU.
Documents
Available to our clients once signed in. Prospects: ask us for the package.
Accord de traitement des données (DPA)
Client accessNotre accord de sous-traitance au titre de l'article 28 du RGPD, intégré aux Conditions Générales d'Utilisation.
OpenFAQ sécurité
Client accessLes réponses aux questions les plus fréquentes des questionnaires de sécurité.
OpenGestion des incidents
Client accessNotre processus de réponse aux incidents et de notification des violations de données sous 72 heures.
OpenMesures techniques et organisationnelles
Client accessLes mesures de sécurité mises en oeuvre pour protéger les données traitées (annexe au contrat de sous-traitance).
OpenRétention et effacement
Client accessNos durées de conservation par catégorie de données et nos engagements d'effacement.
OpenSécurité de la plateforme
Client accessArchitecture défensive, authentification, isolation des données, chiffrement et cycle de développement sécurisé.
OpenSous-traitants
Client accessLa liste nominative de nos sous-traitants, leur localisation et les mécanismes encadrant les transferts.
OpenSystem card de l'agent vocal
Client accessCe que fait l'assistant vocal, ses garde-fous, sa transparence IA et le traitement des données d'appel.
OpenFrequently asked questions
Where is the data hosted?
With OVHcloud, with core data in France and the European Union.
Is the data encrypted?
Yes, all communications are encrypted in transit over HTTPS / TLS.
Do you sign a data processing agreement (DPA)?
Yes. Our Article 28 GDPR data processing agreement is incorporated into the Terms and is available in the client Trust Center.
Can I retrieve my data at the end of the contract?
Yes, data reversibility and export are provided. Details are in our documents.
What happens in the event of a data breach?
We follow an incident response process and notify affected clients, where reasonably possible, within 48 hours after becoming aware of a breach.
Do you hold an ISO 27001 or SOC 2 certification?
Our program is aligned with ISO/IEC 27001 Annex A controls and audited internally. No certification is claimed at this stage.
A security question?
Our team answers security requests and vulnerability reports.
Contact security@bookimo.io