What is our private policy :
* technically : protect your data by using up to date operating system and softwares, by using last encryption system to communicate (between your devices and nextcloud instance and between nextcloud instance and backup server), by using multi security technology (firewalling, Data lost prevention, IPS, remediation software) and finally to apply best practice security architecture (by ANSI : french security agency).
We don't have cloud certification : because it's to expensive, and far from the open minded state of our job.
* legacy : We use server provider depending on customer services because applied laws are depending where data are stored. For european citizens, we used instances located in France. We can instance services in USA, Canada, Great Britain, India, Singapore and Russia. For information, in Europe, GDPR (Global Data Protection Regulation) applied in 2018 strengthen the obligations to cloud provider to follow adequate process and give security information to autorities.
* our state of mind and the way we work for our customers : we want to give the best quality opensource software, to give access to anyone, and to give the best state-of-the-art security design. We don't use customer data for a commercial use (no big data, no data resale). Reversibility is possible at anytime : you keep your data for your own, we delete it after you close your order.
declaration to the CNIL n° 2015718 v 0