Security & sovereignty

Your data stays in France. So do your models

ANSSI-qualified SecNumCloud 3.2 hosting, French AI models trained on French, end-to-end encryption, GDPR, HDS and AI Act compliance. No data is used to train third-party models.

01 Three pillars

Sovereignty, compliance, transparency

Three non-negotiable, verifiable, audited commitments. No vague cloud talk: we tell you where your data is, who can access it, and what we do with it.

Sovereignty

The whole chain — hosting, models, operations — stays French and European. No transfer outside the EU, ever.

  • OUTSCALE / SecNumCloud 3.2 (Saint-Cloud, FR)
  • Sovereign open-source models
  • No US/CN Big Tech dependency
  • Cloud Act-proof by design

Compliance

GDPR, HDS, AI Act: not in theory — in the contract. Signable DPA, up-to-date processing record, AIPD available.

  • GDPR: DPA, record, AIPD
  • HDS: healthcare hosting agreement
  • AI Act: limited-risk classification
  • ISO 27001: certification targeted 2026

Transparency

You know what the AI saw, what it wrote, and why. Every suggestion is traceable back to its source.

  • Every annotation timestamped and signed
  • Access logs available (RBAC)
  • Sourced, verifiable citations
  • No retraining on your data
02 Architecture

Your documents don't leave France

End-to-end on sovereign infrastructure. From upload to report delivery, everything stays on SecNumCloud, encrypted, segregated, auditable.

1

Secure upload

HTTPS / TLS 1.3 · SSO or MFA auth · Encryption before send · No third-party cookies

2

AI processing

OUTSCALE SecNumCloud 3.2 · On-premises open-source models · AES-256 · Per-tenant isolation

3

Delivery

Digitally signed report · Complete audit trail · Deletion at D+30 · PDF + DOCX export

The detail that reassures your DPO

All contractual elements are available before signing. On request, our teams can help fill out your internal AIPD.

AI Act: ready before 2026

Eryon is classified "limited risk" under Regulation (EU) 2024/1689. Our systems embed transparency, traceability and governance obligations by design.

  • Marking of AI-generated or modified content (art. 50)
  • Technical documentation kept up to date (Annex IV)
  • Guaranteed human oversight: AI proposes, humans validate
  • Risk assessment refreshed at each model evolution
  • Internal register of use cases and data used

Request our full security brief

12-page document: architecture, sub-processors, security measures, data governance, business continuity. To pass to your IT or DPO.

Request the brief