Technical transparency
This site runs on our own sovereign stack
No marketing. Here's the exact infrastructure powering DeploySovereign — and how to verify it yourself.
Our infrastructure
| Hosting | Scaleway (Paris, France 🇫🇷) |
| Docker registry | Scaleway Container Registry (FR) |
| Database | Managed PostgreSQL — Scaleway (FR) |
| DNS & CDN | Scaleway (FR) — no US CDN |
| Payments | Stripe (EU) — only data sent outside FR |
| LLM (Studio) | Anthropic Claude — the summary, never your raw data |
| Source code | GitHub (private) — CI hosting only, not your data |
Our principles
Customer data in France
Your application data — customers, content, database — never leaves Scaleway's French datacenters.
Zero Cloud Act
No US provider stores your business data. Scaleway is a French company not subject to the Cloud Act.
Verifiable
Run a traceroute, look at HTTP headers, read our source code. Nothing to hide.
Portable
Your application belongs to you. The code is exportable at any time. No proprietary lock-in.
FAQ — Security & Disaster Recovery
How often are backups performed?+
Automatic backups every 24 h, encrypted (AES-256) and kept for 30 days on independent infrastructure in France.
If something goes wrong, what could I lose — and how fast is it back?+
At worst you lose the last 24 h of changes, and your application is fully restored in under 2 h. We test this restore regularly.
Is data encrypted at rest?+
Yes. Your data and your backups are encrypted (AES-256), both at rest and in transit.
What about AI? Do my documents go to a US provider?+
No. The raw content of your files is processed only by Mistral AI (EU-hosted), which summarises and sanitises it. The model that builds your app never receives your raw files — only that summary. In other words: your documents never leave Europe.
What exactly does the US AI see when I use the Studio?+
Three protections stack up automatically. 1) The code name: before anything is sent, your company name and identifiers are replaced with neutral labels ("[COMPANY]") — the orchestration works on an anonymous file, and our servers restore the real names before display. 2) Strategy as tags: your product vision (goals, priorities) is never transmitted verbatim — a French AI (Mistral) first condenses it into generic tags ("sector: health, goal: acquisition"), and only those tags travel. 3) Data goes around, not through: your files and lists (customers, products…) are stored in a space with us, in France, and your app fetches them through an authenticated channel — never passing through the orchestration engine. And everything is audited: every exchange is logged, and the violation counter is public to you — it stands at zero.
Who can access my data?+
You alone. Our teams only access the infrastructure in a critical incident, with full traceability — never your data without your request.
Are you GDPR compliant?+
Yes. Data hosted in France, Data Processing Agreement (DPA) available on request, full data export possible at any time, deletion within 30 days on request.
What happens if DeploySovereign shuts down?+
Your source code is handed back to you and your data is exportable in one click, at any time — so you can move to your own infrastructure if you wish.
Verify it yourself
Our hosting is public and verifiable: our servers are with Scaleway, in Paris. You can see it in our domain's public information and in the security certificate of this page — issued for French infrastructure.
We explain our choices
Notre approche de la qualité : pourquoi vous ne verrez jamais de faux avis
Une application livrée doit être irréprochable — jusque dans ce qu'elle affiche au public. Voici les principes que chaque app construite chez nous respecte, et pourquoi nous refusons les faux témoignages.
→SouverainetéQuelle offre souveraine pour quel profil ?
Secteur public, santé, banque, ETI, startup : selon la sensibilité de vos données, l'hébergement souverain et les certifications visées diffèrent. Le guide par profil.
→SouverainetéCloud Act : pourquoi « région européenne » ne veut pas dire « souverain »
Héberger « en Europe » chez un géant américain ne protège pas vos données du Cloud Act. On vous explique la nuance qui change tout — et ce qu'on fait différemment.
→IA & donnéesComment on prouve qu'une IA américaine ne voit pas vos documents
Utiliser une IA pour analyser vos documents sans que leur contenu parte hors d'Europe : l'architecture hybride, et surtout comment on le PROUVE.
→