The short answer:

At Papeez, we take security very seriously: we are fully compliant with the GDPR. Protecting your information and respecting your privacy rights are extremely important to us.

Where is Papeez hosted?

We are hosted by cloud service providers such as Scaleway (France) and AWS France (France). Our hosting providers implement strict security measures on their infrastructure and hold numerous certifications, which you can find on their respective websites:

• AWS: https://aws.amazon.com/security/

• Scaleway: https://www.scaleway.com/en/security-and-resilience/

Is customer data encrypted?

Yes, all customer data is encrypted at rest and in transit:

• In transit: we use the HTTPS protocol (TLS 1.2 / TLS 1.3) to encrypt all traffic destined for end users.

• At rest: sensitive data is encrypted at rest (AES-256) or hashed, in accordance with industry standards.

Which other third-party services process the data?

We only share your data with certain companies that help us improve our services for you. You can view the complete list of our processors here.

To what extent does Papeez protect itself against common web application vulnerabilities?

Our infrastructure includes the following protections:

• All services run behind Cloudflare, which provides built-in DDoS protection and rate limiting

• All traffic is routed via HTTPS

• Our infrastructure is distributed across multiple regions and is secured via:

  • The use of virtual private clouds (VPCs)

  • A firewall that monitors incoming and outgoing network traffic

• Access to servers is limited to authorized members of the Evalmee team and is granted via username and password to prevent brute-force attacks on passwords

• Evalmee is automatically notified of vulnerabilities discovered in the software components used so that necessary updates can be applied quickly

• All members of our team are well-versed in common web application vulnerabilities, and we always design our systems and code using a defense-in-depth approach

In short, we follow OWASP best practices and regularly review our infrastructure and code for vulnerabilities.

Data Processing Agreement (DPA)

We offer a Data Processing Agreement (DPA) that clearly defines the respective responsibilities and obligations regarding the protection of personal data, in accordance with GDPR requirements. The DPA is available at this link.

To obtain a signed copy, please contact us at support@papeez.com.

Papeez Is GDPR-compliant?

Yes, Papeez is fully GDPR-compliant. The security of your personal information and respect for your privacy rights are extremely important to us.

We are fully committed to protecting personal data and ensuring compliance with the General Data Protection Regulation (GDPR).

If you’d like to learn more about your data, make changes, or even ask us to delete it, we’re here to help. You can chat with us live on our website or send us an email at support@papeez.com.