Why this page exists
Editorial tools handle two kinds of sensitive data: yours (drafts, briefs, still-confidential ideas, internal documents) and your readers' (email addresses, preferences, reading behaviour). A platform that does not treat both families seriously has no place in a professional team.
Here are our commitments, in plain language, without jargon.
European hosting
All services that handle your data are hosted in Europe, with a provider subject to European law. Concretely, this means your data does not leave the European Economic Area without your consent, and no extra-European jurisdiction can access it by default.
This is a structural choice, not an option. It has a cost, but we believe the trust it enables justifies that cost.
GDPR compliance
GDPR governs how we collect, store and use personal data. We comply on the key points:
- Minimisation: we collect only what is strictly necessary for the service.
- Purpose: every piece of data has a reason to be stored, and we don't repurpose it.
- Retention: data is kept for the necessary duration, then deleted.
- Rights: access, rectification, deletion, portability — all GDPR rights are accessible from your account.
Access control
Within your organisation, you decide who can do what. We offer several permission levels (read, write, approval, administration) and a role system that lets you separate what should be separated: writers don't need to see billing, administrators don't need to edit briefs.
This granularity matters as the team grows. A tool that doesn't distinguish roles becomes a risk past three or four people.
Strong authentication
We support two-factor authentication and strongly recommend enabling it on all administrator accounts. The password alone is no longer sufficient protection in 2026, and we won't pretend otherwise.
OAuth sign-in (Google, Apple) is also available to ease day-to-day use without compromising security.
Encryption
Data exchanged between your browser and our servers is encrypted in transit. Stored data is encrypted at rest. This doesn't exempt us from every other good practice, but it's a non-negotiable foundation.
Transparency
In the event of a security incident, we commit to inform you quickly and honestly. No corporate fog, no minimisation: direct information lets each side take appropriate measures.
It is an easy promise to make and a hard one to keep. We prefer to write it here rather than quietly forget it.
And beyond?
Perfect security does not exist. Our job is to reduce risks as far as possible, stay vigilant, and acknowledge that what was sufficient yesterday won't be sufficient tomorrow. It's continuous work.
For specific questions about our practices, contact us through the dedicated form.