Skip to main content
DeploySovereign

Technical transparency

This site runs on our own sovereign stack

No marketing. Here's the exact infrastructure powering DeploySovereign — and how to verify it yourself.

Our infrastructure

HostingScaleway (Paris, France 🇫🇷)
Docker registryScaleway Container Registry (FR)
DatabaseManaged PostgreSQL — Scaleway (FR)
DNS & CDNScaleway (FR) — no US CDN
PaymentsStripe (EU) — only data sent outside FR
LLM (Studio)Anthropic Claude — the summary, never your raw data
Source codeGitHub (private) — CI hosting only, not your data

Our principles

🇫🇷

Customer data in France

Your application data — customers, content, database — never leaves Scaleway's French datacenters.

🔒

Zero Cloud Act

No US provider stores your business data. Scaleway is a French company not subject to the Cloud Act.

🔍

Verifiable

Run a traceroute, look at HTTP headers, read our source code. Nothing to hide.

📦

Portable

Your application belongs to you. The code is exportable at any time. No proprietary lock-in.

FAQ — Security & Disaster Recovery

How often are backups performed?+

Automatic backups every 24 h, encrypted (AES-256) and kept for 30 days on independent infrastructure in France.

If something goes wrong, what could I lose — and how fast is it back?+

At worst you lose the last 24 h of changes, and your application is fully restored in under 2 h. We test this restore regularly.

Is data encrypted at rest?+

Yes. Your data and your backups are encrypted (AES-256), both at rest and in transit.

What about AI? Do my documents go to a US provider?+

No. The raw content of your files is processed only by Mistral AI (EU-hosted), which summarises and sanitises it. The model that builds your app never receives your raw files — only that summary. In other words: your documents never leave Europe.

What exactly does the US AI see when I use the Studio?+

Three protections stack up automatically. 1) The code name: before anything is sent, your company name and identifiers are replaced with neutral labels ("[COMPANY]") — the orchestration works on an anonymous file, and our servers restore the real names before display. 2) Strategy as tags: your product vision (goals, priorities) is never transmitted verbatim — a French AI (Mistral) first condenses it into generic tags ("sector: health, goal: acquisition"), and only those tags travel. 3) Data goes around, not through: your files and lists (customers, products…) are stored in a space with us, in France, and your app fetches them through an authenticated channel — never passing through the orchestration engine. And everything is audited: every exchange is logged, and the violation counter is public to you — it stands at zero.

Who can access my data?+

You alone. Our teams only access the infrastructure in a critical incident, with full traceability — never your data without your request.

Are you GDPR compliant?+

Yes. Data hosted in France, Data Processing Agreement (DPA) available on request, full data export possible at any time, deletion within 30 days on request.

What happens if DeploySovereign shuts down?+

Your source code is handed back to you and your data is exportable in one click, at any time — so you can move to your own infrastructure if you wish.

Verify it yourself

Our hosting is public and verifiable: our servers are with Scaleway, in Paris. You can see it in our domain's public information and in the security certificate of this page — issued for French infrastructure.

We explain our choices