Screen FlowScreen Flow
Security & Compliance
Swiss-hosted, GDPR and nDSG compliant, tenant-isolated at the query level. Built for B2B environments where data security is non-negotiable.
computerWeb
GDPR & nDSG compliance
Regulatory posture
- gavelGDPR (EU) — Lawful basis for processing, right to erasure, data portability
- account_balancenDSG (Switzerland) — Swiss Federal Act on Data Protection, full compliance
- delete_foreverRight to erasure — Account self-delete flow (Article 17)
- privacy_tipData minimisation — Only data required for the service is collected and stored
Swiss hosting
All services run on Infomaniak VPS infrastructure in Switzerland. Media storage uses Infomaniak Object Storage (Swiss S3-compatible). No data leaves Switzerland for storage or processing.
Infrastructure summary
- dnsVPS — Infomaniak, Geneva — application servers and databases
- cloud_queueObject storage — Infomaniak S3-compatible — media files and backups
- lockEncryption in transit — TLS 1.3 for all connections
- storageEncryption at rest — AES-256 for all stored data
Authentication & tokens
Authentication layers
- mark_email_readOTP email login — Client Admin and Operator roles use 6-digit email OTP, valid 10 minutes
- passwordPassword login — Super Admin and Partner roles — bcrypt-hashed, min 12 characters
- tokenJWT tokens — Short-lived access tokens (1h) + refresh tokens (7d)
- vpn_keyInvitation tokens — 7-day expiry, single-use, hashed in database
Tenant isolation & data integrity
Every database query is scoped to the current tenant via TenantQuerySet. Cross-tenant access is architecturally impossible — not just a permission check, but a structural guarantee at the ORM level.
shield
SHA-256 hashes stored with every media file are verified by the player on each cache load — ensuring content integrity even if the storage layer is compromised.
Explore the 8Move Platform