Your decisions are sensitive. We treat them that way.
CollabVyn is incorporated in France, hosted on EU infrastructure, and designed with data minimization as a first principle. Architecture decisions contain competitive and organizational context — we don't take that lightly.
GDPR Compliance
CollabVyn is incorporated in France and designed with GDPR compliance built in. Data Processing Agreements (DPAs) are available on request for all plans. The Company plan includes a standard signed DPA. We act as a data processor for your team's content and a data controller for account data.
EU Data Storage
All customer data is stored in EU-region infrastructure (France and Germany). No data is transferred outside the EU for processing. Company plan customers receive written EU data residency guarantees with their subscription agreement.
Encryption in Transit & at Rest
All data in transit is encrypted with TLS 1.3. Data at rest is encrypted with AES-256. Workspace tokens (Slack OAuth, Notion API keys) are stored encrypted at the infrastructure level with key rotation every 90 days.
Access Controls
Workspace-level permissions use role-based access (admin, editor, viewer). Channel-level scoping lets you choose exactly which Slack channels and Notion spaces CollabVyn can read. SSO/SAML is available on the Company plan. All access changes are audit-logged.
Data Minimization
CollabVyn only reads content from the specific channels and pages you authorize. We extract decision signals and store summaries — not raw message content. We don't index, store, or process content outside the decision-capture scope you define.
Audit Logs
The Company plan includes full audit logs: every admin action, every integration permission change, every export request, every user access event. Logs are immutable and available for 12 months. They can be exported via API or as CSV.
Security questions?
For security disclosures, DPA requests, or compliance questions, contact us at [email protected]. We respond to all security inquiries within 24 hours.
CollabVyn is a growing team. We're not SOC 2 certified or ISO 27001 audited — we're honest about that. Our controls are built with SOC 2 Type II principles in mind, and we intend to pursue formal certification as the product scales. If compliance certification is a hard requirement today, talk to us — we'll give you a straight answer about where we are.