Compliance &
Data Security
Your data is handled with the highest level of security and compliance.
GDPR, Quebec Law 25, end-to-end encryption.
GDPR
General Data Protection Regulation (EU)
Gufaca is fully GDPR compliant. We process your personal data transparently, securely, and in accordance with your rights: access, rectification, erasure, portability. Each processing activity is documented and limited to strictly necessary purposes.
Quebec Law 25
Law on the protection of personal information
We comply with Quebec Law 25 requirements: explicit consent, privacy impact assessments (PIA), appointment of a privacy officer, and mandatory reporting of confidentiality incidents.
Secure Hosting
Canada / Europe / Vercel servers
Your data is hosted on secure servers located in Canada and Europe. We use Vercel (AWS infrastructure) with data residency guarantees. No data transfers to non-compliant jurisdictions.
Encryption
TLS 1.3, HTTPS everywhere, strict CSP
All communications are encrypted in transit via TLS 1.3. We enforce a strict Content Security Policy (CSP), secure HTTP headers (HSTS, X-Frame-Options), and encryption at rest for all databases.
DPA — Data Processing Agreement
Available upon request
Our Data Processing Agreement (DPA) complies with the European Commission's Standard Contractual Clauses (SCCs). We sign it with every enterprise client processing personal data through our services.
Compliance Contact
Questions? Our team is here to help
For any compliance-related questions, data security concerns, or to exercise your rights, contact our Data Protection Officer (DPO):
✉️ conformite@gufacaai.comOur commitments
Ready to transform your organization with AI?
Book a free 30-minute call to discuss your needs.