Your strategic content deserves infrastructure that matches.

Exclusively EU-hosted infrastructure

Our entire infrastructure runs within the European Union:

• Database & storage — Supabase EU (Frankfurt / Paris regions)
• Application server — Railway EU (Western Europe region)
• Collaborative editing — WebSocket server hosted in Europe

No customer data leaves the EU for application processing. Inference requests to model providers are made with explicit training opt-out flags on the provider side.

Your data never trains a model

We never reuse your templates, prompts, presentations or metadata to train or fine-tune any model, whether internal or operated by a partner.

All calls to partner LLMs (OpenAI, Anthropic, Mistral) are made with data_retention and training_opt_out flags enabled. Request logs are retained strictly for billing and observability purposes, then purged according to our retention policy.

Strict organisation-level isolation

Each customer organisation has a dedicated isolated space enforced at the database level via Postgres Row Level Security. No query can cross organisation boundaries — by design.

Roles (administrator, editor, external consultant) are managed granularly and audited. A user removed from an organisation loses access immediately, with no residual access.

The technical foundations

• Encrypted in transit — TLS 1.2+ everywhere, strict HSTS with preload
• Encrypted at rest — AES-256 on the database and object storage
• Security headers — Strict CSP, X-Frame-Options DENY, strict-origin Referrer-Policy
• Authentication — Supabase Auth (ES256-signed JWTs), short sessions, automatic rotation
• Rate limiting — On all public surfaces (sign-up, login, API)
• Observability — Error tracking, access logging, automated alerting

An internal security audit covering 13 cybersecurity domains was conducted in April 2026; priority fixes were applied across all environments.

Your rights, enforceable on request

• Right of access — Full data export on request at contact@logitopia.fr
• Right to erasure — Permanent deletion of your organisation and all its content within 30 days
• Portability — Your templates and presentations can be exported in open formats (.pptx, .pdf) with no lock-in
• Sub-processors — Exhaustive list of technical sub-processors provided on request as part of a DPA

Paul is published by Logitopia SAS, a French legal entity subject to GDPR and French law.

What we are building for enterprise accounts

• Enterprise SSO — Microsoft Entra (Azure AD), Google Workspace, Okta via SAML 2.0 / OIDC
• SCIM — Automated user and role provisioning
• Dedicated audit log — Exportable audit trail for internal compliance
• Certifications — ISO 27001 and SOC 2 Type II certification in progress

These features are available on request as part of an Enterprise engagement. Let's discuss your requirements during a personalised demo.