GDPR-compliant App

GDPR-compliant, by design.

Ethicaline TPRM handles sensitive third-party data. Data protection isn't a feature we bolted on — it's how the platform was built. Here is our approach.

European data residency

The platform's technologies and components are chosen, by design, to be hosted within the European Union — in France and Germany. Your data resides in the EU.

Privacy by design

Privacy is an architectural decision, not a policy afterthought. We collect only the data needed to run assessments, and keep personal data minimal and purposeful.

GDPR-aligned architecture

The platform is built to align with GDPR from the ground up — EU data residency, data minimization, and controlled access as founding principles.

Authentication & access control

Access to the platform is authenticated, with role-based permissions that ensure users see only the data appropriate to their role.

Built on certified European infrastructure

Ethicaline TPRM is deployed on infrastructure hosted within the European Union — in France and Germany — selected specifically for European data-protection expectations.

The underlying infrastructure providers maintain recognized, independently-audited security and privacy certifications, and data processing agreements aligned with GDPR are in place across the technologies used:

SOC 2 Type II, ISO 27001, EU Cloud Code of Conduct

These certifications are maintained by the infrastructure providers on which the platform is built, and are independently audited. Sources: Cloudflare Trust Hub, Supabase Security, Fly.io Compliance. Certification scope is that of each provider; Ethicaline inherits these controls through its use of their EU-region services.

Why it matters for you

When you assess third parties, you handle names, affiliations and sometimes sensitive findings. A due-diligence tool should reduce your risk exposure, not add to it. By building on EU-hosted, independently-certified infrastructure with privacy designed in, Ethicaline TPRM keeps your third-party programme aligned with European data-protection expectations.