Security and transparency
Architecture
Multi-site Paris + Ouagadougou, active-active failover. 100% self-hosted stack (no US-based SaaS on customer data).
Encryption
TLS 1.3 in transit, AES-256 at rest. Backups end-to-end encrypted (Restic). Physical copy with client key (Tondnso never knows it).
GDPR
DPO registered with CNIL. Invoices kept 10 years (FR accounting). Anonymisation after 24 months without subscription + 12 months without login.
Commitments
No data reselling. No file scanning. No ads. Transparency on incidents (status page).
Contact
DPO: [email protected] · Security: [email protected]