Skip to main content
Security & Compliance

Trust through transparency.

The security of your data and your clients' data is at the heart of how we design our tools.

The control of an in-house system, without the overhead.

A house has no reason to give up control of its data to adopt an external tool. Wave is built for the opposite: sovereign hosting, per-establishment isolation, full data ownership and reversibility. You stay in control; we carry maintenance, availability and security.

Security measures

Encryption

Data encrypted end-to-end — in transit and at rest. Nothing travels in clear text between the app and our servers.

Data isolation

Each establishment is strictly partitioned: no data is ever pooled across clients.

Access control

Granular roles — associate, manager, administrator. Each member only accesses their own scope.

Sovereign hosting

Infrastructure hosted in the European Union, 100% EU. Your data never leaves the EU.

Audit trail

Sensitive actions can be logged and exported to meet your internal compliance obligations.

Backups & continuity

Regular backups, tested restoration and continuous infrastructure monitoring.

End-to-end

Data encryption

100% EU

Hosted in the European Union

Art. 28

GDPR DPA ready to sign

< 72 h

Incident notification

Compliance & commitments

  • Built on GDPR principles: data minimisation, limited purpose, restricted access.
  • Data Processing Agreement (GDPR art. 28) ready to sign; sub-processor list available.
  • You remain the owner of your data: export at any time.
  • Contractual confidentiality (NDA) — no public reference to a client house without written consent.
  • In the event of a security incident: notification within 72 hours.
  • Enterprise options on request: dedicated deployment, integrations and advanced compliance requirements.

Frequently asked questions

Where is the data hosted?

In the European Union, on 100% EU infrastructure. Your data never leaves the EU.

Do you sign a Data Processing Agreement (DPA)?

Yes. A GDPR article 28 DPA is ready to sign, and our sub-processor list is available on request.

Who can access my data?

Only your team members with the appropriate permissions. Our technical teams only access it for support, with your agreement.

How is access to data secured?

Granular role-based access control is native: each member only accesses their own scope. For enterprise deployments, enhanced authentication options can be set up depending on your context.

What happens in the event of a security incident?

A response plan is in place and you are notified within 72 hours, in line with GDPR.

What happens if I cancel?

You remain the owner of your data and can export it at any time.

Do you have a data protection contact?

Yes: privacy@digital-haute-couture.com for any data protection question.

Questions about security?

Our team is available to address your specific compliance requirements.

Contact us