Screen FlowScreen Flow
Sécurité et conformité
Hébergé en Suisse, conforme RGPD et nLPD, isolation des tenants au niveau des requêtes. Conçu pour les environnements B2B où la sécurité des données est non négociable.
computerWeb
GDPR & nDSG compliance
Regulatory posture
- gavelGDPR (EU) — Lawful basis for processing, right to erasure, data portability
- account_balancenDSG (Switzerland) — Swiss Federal Act on Data Protection, full compliance
- delete_foreverRight to erasure — Account self-delete flow (Article 17)
- privacy_tipData minimisation — Only data required for the service is collected and stored
Swiss hosting
All services run on Infomaniak VPS infrastructure in Switzerland. Media storage uses Infomaniak Object Storage (Swiss S3-compatible). No data leaves Switzerland for storage or processing.
Infrastructure summary
- dnsVPS — Infomaniak, Geneva — application servers and databases
- cloud_queueObject storage — Infomaniak S3-compatible — media files and backups
- lockEncryption in transit — TLS 1.3 for all connections
- storageEncryption at rest — AES-256 for all stored data
Authentication & tokens
Authentication layers
- mark_email_readOTP email login — Client Admin and Operator roles use 6-digit email OTP, valid 10 minutes
- passwordPassword login — Super Admin and Partner roles — bcrypt-hashed, min 12 characters
- tokenJWT tokens — Short-lived access tokens (1h) + refresh tokens (7d)
- vpn_keyInvitation tokens — 7-day expiry, single-use, hashed in database
Tenant isolation & data integrity
Every database query is scoped to the current tenant via TenantQuerySet. Cross-tenant access is architecturally impossible — not just a permission check, but a structural guarantee at the ORM level.
shield
SHA-256 hashes stored with every media file are verified by the player on each cache load — ensuring content integrity even if the storage layer is compromised.
Explore the 8Move Platform