We are transparent about the data we use
We believe that transparency is essential to build trust. That's why we clearly share information about how we handle data security and confidentiality.
Cookie Statement
We only use cookies that are strictly necessary to operate the platform. Here is the complete list, with no unnecessary consent banner.
| Cookie name | Type | Purpose | Duration |
|---|---|---|---|
| nuxt-oidc-auth | Essential | Required to maintain the user session active. | 7 days |
| i18n_redirected | Preferences | Remembers the user's language. | 1 year |
| dashboard-sidebar-default | Preferences | Remembers the sidebar state (collapsed or expanded). | Session |
Data stored in the browser
Because there's more than just cookies... Here is the precise list of items recorded in your browser ("Local Storage").
| Key name | Type | Purpose |
|---|---|---|
| content_checksum_* | Essential | Contains the content of certain pages. Avoids unnecessary requests and ensures a smooth experience. |
| nuxt-color-mode | Preferences | Remembers the preferred color mode (light or dark). |
What we store in the database
Complete transparency on our practices: here are the types of data recorded in our database. All data in transit and at rest are systematically encrypted.
| Data type | Purpose | Retention period | Location | End-to-end encryption + zero-knowledge |
|---|---|---|---|---|
| User email | Used for authentication and communication. | Until account deletion. | IAM / Application / Payment Provider / Emailing | No |
| User password | Used for authentication | Until account deletion. | IAM | Not quite. We use argon2 to hash passwords, which is a very secure hashing method resistant to brute-force attacks. However, since it is a hash and not encryption, it is not possible to retrieve the original password, even for us. That's why we indicated 'No' for encryption, as the password is not encrypted but rather transformed into a secure hash. |
| First and last name | Used to personalize the user experience. | Until account deletion. | IAM / Application / Payment Provider / Emailing | No |
| User organization | Used to personalize the user experience. | Until account deletion. | IAM / Application | No |
| User public keys | Used for encrypting user data and ensuring platform security. | Until account deletion. | Application | No |
| User private keys | Used for decrypting user data and ensuring platform security. | Until account deletion. | Application | Yes (encrypted client-side with a password, therefore inaccessible to anyone other than the user) |
| Billing data | Required for payment processing and invoicing. | Legal minimum required for accounting | Payment Provider / Accounting | No |
| Transfer / Dataroom title | Used to identify and organize transfers and datarooms. | Until deletion of the transfer / dataroom. | Application | No |
| Transfer message | Used to provide additional information about transfers and datarooms. | Until deletion of the transfer / dataroom. | Application | Yes |
| List of members of a transfer / dataroom | Required to manage user access to transfers and datarooms. | Until deletion of the transfer / dataroom. | Application | No |
| File metadata | Stored to enable sharing and collaboration. | Until deleted by the user. | Application | Yes - except file size (encrypted / unencrypted) and the hash (sha256) of the file name in a dataroom to avoid collisions and manage versions of the same file. This data is necessary to ensure a smooth and secure user experience, while respecting data confidentiality. |
Frequently Asked Questions
Everything you need to know about security, compliance, and the features of the Retyc platform.
We selected Scaleway and Clever Cloud as infrastructure providers for their security maturity: both are certified HDS (Health Data Hosting) and ISO 27001. These certifications attest to the high level of security and compliance of their infrastructure.
We only use cookies that are strictly necessary for the operation of the platform, in accordance with CNIL guidelines. Therefore, we do not need to collect your consent through a cookie banner.
You can exercise your rights of access, rectification, erasure, restriction, portability, and objection by contacting us at [email protected]. We are committed to responding to your requests within the legally required timeframes.
We take security very seriously. If you have discovered a vulnerability, please inform us immediately. Please refer to our security.txt for details on how to contact us securely.