Security & GDPR

Your data stays in France, with us.

100% France hosting, AES-256 encryption, DPO registered with the CNIL, signable DPA. Here, without window dressing, is how Hippolit protects your employees' data.

Hosting

100% France

OVH (production) + Azure (backup)

Encryption

AES-256 / TLS 1.2+

At rest and in transit

DPO

Registered with CNIL

Ref. DPO-171602

Contract

DPA ready to sign

Compliant with GDPR Article 28

A team that knows the topic

Before Hippolit, Morgan and Maxime led the HR Core product at Lucca: the module that manages employee records for 10,000 companies.

Application security, sovereign hosting, customer audits, DPAs, pentests - we handled all of this on the vendor side for seven years. Hippolit is built to the same standards.

Our commitments

Hosting

Data hosted and processed 100% in France. No transfer outside the EU without written agreement.

GDPR role

Hippolit is a processor under Article 28. You remain the data controller.

DPO

Data Protection Officer registered with the CNIL (ref. DPO-171602). Contact: dpo@hippolit.io.

DPA

Bilateral data processing agreement, Article 28-compliant, ready to sign.

Deletion

Employee data erased within 72 hours. Full deletion within 90 days after contract end.

Data breach

Notification to the data controller within 48 hours.

Need the full documentation?

GDPR & Security policy (11 pages) + bilateral DPA ready to sign (12 pages) - available on request.

Request the documents Talk to a human