Your work data, in Europe. And it belongs to you.

Octopussian is a sovereign platform, self-hosted and operated, fully GDPR-compliant. Your work data falls exclusively under European law, and you retain full control over it.

  • French publisher, self-operated servers
  • Self-operated hosting and backups
  • Your data subject to European law only
  • European AI (Mistral), data processed in the EU

Hosted in Europe

Your data is hosted with OVHcloud, in datacenters located in France. Encrypted backups also remain there, across separate sites.

Data is replicated across multiple distinct physical sites, ensuring availability even in the event of a major incident at any one of them.

Most importantly, our servers and databases are operated directly by Octopussian: no third-party provider holds your work data in any usable form. You know exactly who holds it and under which law: Octopussian, under European law exclusively.

  • Datacenters located in France
  • Encrypted backups, replicated across multiple separate sites
  • Servers and databases operated directly by the publisher — no third-party access
  • Publisher: French SAS, subject to French and European law

OVHcloud datacenters hold certifications (including ISO/IEC 27001) specific to the hosting provider. Octopussian relies on this infrastructure.

Member of French Tech Grand Paris

Encrypted for you, unreadable to us

Beyond encryption in transit, sensitive data is encrypted at rest (AES-256, RSA, storage-side encryption, hashing). And for the most sensitive part — the password manager — we go further: a zero-knowledge model.

Only you hold the private key capable of decrypting your secrets. Even in the event of a breach on our servers, they remain unreadable. We cannot read your passwords.

  • End-to-end encryption (RSA 2048 + AES 256)
  • Zero-knowledge model for the password manager
  • Strong authentication (TOTP, passkeys)
  • Session duration control
Technical details

Your browser generates an RSA 2048-bit key pair. The private key stays on your device and is never transmitted. The public key is stored on our servers to enable sharing. Each password is encrypted in AES-256, and only your private key can decrypt it. This “zero-knowledge” model ensures that even Octopussian cannot access your data in plain text.

Password encrypted before being sent to our servers

Your data belongs to you

Our business is providing you with a platform — not exploiting your data. We don't sell it, rent it, or use it to train artificial intelligence models.

Never resold

Your data is never sold, rented, or shared with third parties for commercial or advertising purposes.

No AI training

Your content is not used to train AI models — neither ours nor those of third parties.

Portability

You can export your data and leave Octopussian whenever you want. No lock-in, no retention. How to export your data →

A Clear Framework

Here's what we're committed to.

GDPR

Your data is processed in compliance with GDPR: hosted in the European Union, encrypted in transit and — for the most sensitive data — at rest, never resold. You retain full control and export rights.

European Law

Octopussian operates its own servers: your work data falls exclusively under European law, beyond the reach of the Cloud Act. For transparency, only billing data passes through our payment provider Stripe, in compliance with GDPR.

European AI

AI processing relies on Mistral, hosted in the European Union. Your content never leaves the EU for these operations and is never used to train models.

eIDAS Signature

Electronic signature requests generate documents in PAdES format, at the eIDAS-B-LTA (Baseline Long-Term with Archival) conservation level, ensuring lasting legal validity.

Certified Hosting

Our infrastructure runs on OVHcloud data centers, which hold recognized certifications (including ISO/IEC 27001). These certifications apply to the hosting provider.

Your questions about security and data sovereignty

Where is my data stored?

In France, in OVHcloud's data centers. No data is stored outside the European Union. Backups are encrypted and distributed across multiple separate sites.

What is the Cloud Act, and does it affect me?

The Cloud Act is a US law that allows American authorities to demand access to data held by any company subject to US law, even when that data is stored in Europe. Octopussian operates its own servers in France, under European law exclusively — your work data is not subject to it.

Can Octopussian read my data?

Your communications are encrypted in transit, and the most sensitive data is also encrypted at rest. The password manager goes further: a “zero-knowledge” model where only you hold the private key. Your passwords remain unreadable to us, even in the event of a breach on our servers.

Is my data sold or used to train an AI?

No. Your data is never sold, rented, or shared for commercial purposes, and it is not used to train AI models. You remain the owner and can export it at any time.

Does the electronic signature have legal standing?

Yes. Our signatures are simple electronic signatures within the meaning of the European eIDAS regulation: they identify the signer and guarantee the integrity of the document.
Depending on the nature of the transaction, some use cases may require a qualified signature or a specific form — it is your responsibility to verify the required level for your specific use.