100% EU Hosted & GDPR Compliant

Built for trust from the ground up.

Every architectural decision we make starts with the same question: is this the safest way to handle customer data? Here's what that means in practice.

EU-hosted infrastructure

All data is processed and stored exclusively within the European Union, on Scaleway (fr-par). No data ever leaves the EU. No US cloud providers, no transatlantic transfers.

Encryption in transit & at rest

TLS 1.3 for all network traffic. AES-256 encryption for data at rest. Credentials stored encrypted in AWS SSM with per-tenant key isolation.

Tenant isolation

Each customer gets a dedicated database and isolated compute. Connection-level separation means one tenant's query cannot reach another tenant's data — enforced at the infrastructure layer, not in code.

GDPR compliant

Full compliance with the EU General Data Protection Regulation. Data Processing Agreement available on request. Right to access, correction, deletion, and portability supported end-to-end.

SOC 2 roadmap

We operate under a formal security program aligned with SOC 2 Type II requirements. Certification audit is on the roadmap for 2026. Security documentation and current controls available on request.

Your data is never sold

We will never sell, rent, or share your data. We will never use your data to train models — ours or anyone else's. On account closure, data is deleted within 30 days except where law requires longer retention.

Architecture at a glance

Infrastructure

• Scaleway Kapsule (managed Kubernetes), fr-par region
• Supabase Postgres (EU-west-1) for tenant data
• Airbyte for ingestion (self-hosted on EU infra)
• Apache Superset for dashboarding

Operational controls

• Infrastructure as code (Terraform + GitOps)
• All changes reviewed and audited
• Automated daily backups, 30-day retention
• 24/7 alerting on anomalies and failures

Security FAQ

Where is my data physically stored?

All data is stored on Scaleway infrastructure in the fr-par region (Paris, France). No data is replicated outside the EU. We do not use any US-based cloud providers.

Can I get a signed DPA?

Yes. We provide a Data Processing Agreement (DPA) as part of our standard contracting. Email legal@data-zip.com to request a copy.

Who has access to my data?

Access to production systems is restricted to a small number of engineers on the operations team, and every access is logged and audited. No customer data is accessible from development or staging environments.

What happens if I cancel?

You have a 30-day grace period to export all your data. After that, we delete it from production systems within 30 days. Backups are purged within 90 days.

Do you support SSO?

Yes, on our Professional and Scale plans. We support SAML 2.0 and OIDC for single sign-on integration with your identity provider.

Can I restrict which data goes to Pillar?

Yes. Every connector supports field-level selection — you choose exactly which tables and columns to sync, and you can exclude personally identifiable information (PII) at the source.

Want more detail?

Our security documentation, DPA, and architecture overview are available on request.

Request security docs Browse integrations Explore dashboards