Hosting
Scaleway
Datacentre Paris West 3, ISO 27001, Tier III+, sovereign French operator.
Security & Hosting
Your Procurement data. Sovereign.
Hosting on Scaleway Paris West 3, sovereign AI Mistral & Claude (zero data retention), native GDPR compliance, end-to-end encryption, 99.9% SLA. Walflow meets your IT and CISO security requirements.
Our sovereign stack
End-to-end sovereignty.
Hosting, AI and data: everything stays in Europe, operated by European players. No risk of leaks to offshore platforms or third-party training models.
Sovereign AI
Mistral AI & Claude AI
No client data used to train a model. Zero data retention enabled.
Legal framework
GDPR by Design
Privacy by design from the ground up. Contractual DPA included. Outside non-European jurisdictions (Cloud Act, etc.).
4 trust pillars
Built for demanding IT leaders.
Hosting in France · Scaleway
Scaleway Paris West 3 datacentre, Tier III+, ISO 27001. Your data never leaves French soil.
- Scaleway Paris West 3
- ISO 27001 · Tier III+
- Multi-zone replication
- Encrypted daily backups
Native GDPR compliance
Privacy by design. Automatic register of processing activities. Fine-grained consent management via Axeptio + WP Consent API.
- Auto register of activities
- Contractual DPA included
- Built-in right to erasure
- Documented sub-processors
Operational security
AES-256 encryption at rest and TLS 1.3 in transit. SAML/OAuth SSO. MFA available on every account. Regular audits.
- AES-256 + TLS 1.3
- SSO SAML 2.0 / OAuth 2.0
- MFA TOTP / WebAuthn
- Annual penetration tests
Sovereign AI · zero training
Mistral AI (French models) and Anthropic Claude (zero data retention enabled). Your prompts and data feed NO external model.
- Mistral AI · EU hosting
- Claude · zero data retention
- No external training
- AI call audit trail
Operational security
Security built to protect your Procurement data.
Exchanges are secured and configured to guarantee consistency, reliability and operational continuity.
Encryption in transit
TLS 1.3 on all exchanges, certificates renewed automatically.
Fine-grained access management
Granular roles and permissions, MFA, SAML/OAuth SSO, limited sessions.
Logging and traceability
All actions tracked (audit log), exportable, retained for 12 months.
Continuous monitoring
24/7 monitoring, intrusion detection, permanent technical on-call.
SLA & guarantees in numbers.
99.9%
Availability SLA
i.e. < 9h/year downtime
24/7
Infra monitoring
Permanent tech on-call
< 4h
RTO on incident
Guaranteed time-to-recover
D+1
Daily backups
Point-in-time restore
Regulatory compliance
Built to meet Procurement requirements.
Walflow is designed to meet regulatory obligations and compliance requirements, especially around personal data protection and traceability.
GDPR Compliance
Privacy by design, auto register, contractual DPA included.
Consent management
Collection, traceability, withdrawal of user consents.
Complete traceability
All operations and accesses tracked and exportable.
Auditability
Auditable data and processes, exports for your auditors.
Formal commitments.
Everything is contractual. No verbal promises: a DPA, written SLAs, documented audits.
DPA (Data Processing Agreement)
Terms of Service
Contractually guaranteed SLAs
Documented sub-processors
Published security policy
Reversibility procedure
Frequently asked questions
IT & CISO questions.
Data is encrypted at rest (AES-256) and in transit (TLS 1.3), access is strictly controlled (SAML/OAuth SSO, MFA), and every action is logged in an audit trail retained for 12 months. Walflow implements advanced security mechanisms to guarantee the confidentiality, integrity and availability of information.
Data is hosted in France, in the Scaleway Paris West 3 datacentre (Tier III+, ISO 27001). This approach guarantees data sovereignty, regulatory compliance (GDPR, outside non-European jurisdictions such as the Cloud Act) and full control over its location.
Yes. Walflow meets GDPR requirements on personal data protection, user rights management, privacy by design and traceability. A contractual DPA is included, the register of processing activities is generated automatically and all sub-processors are documented.
Never. Walfy runs on Mistral AI (sovereign French models, EU hosting) and Anthropic Claude with zero data retention enabled. No client data is used to train a model, nor shared with any third party. Every AI request is auditable.
Let's talk to your IT / CISO.
A dedicated call on security, compliance and hosting to answer every technical question.
