Hosted in France
The application and the database run on a VPS in Paris; DNS is at OVH (Roubaix). The host is named — not hidden behind a vague “European cloud”.
— The facts
Six things you can check.
Scheduling data stays in the EU
The primary database and its backups never leave the European Union. The few sub-processors that may transfer data (Stripe for payments, for example) are listed by name in the privacy policy.
Encryption at rest
Your calendar OAuth tokens are encrypted at rest (AES-256-GCM), passwords are bcrypt-hashed, and every public surface is served over HTTPS.
Your data is portable (Art. 20)
Export everything — bookings, contacts, event types — in a machine-readable format, self-serve from your settings.
Right to erasure, self-serve
Delete your account from Settings → Danger zone. Primary systems are cleared within 30 days; encrypted backups age out after 90.
Minimisation by default
Unconverted leads auto-purge after 90 days, server logs after 30. No ad trackers, no resale — no third-party cookies.
— Sub-processors
Who processes what
Every sub-processor — hosting, email, payments, monitoring — is listed by name in the privacy policy, with its purpose and region. If we add one, the list changes the same day.
See the sub-processor listWhat we don't claim
No “sovereign cloud” badge, no certification we don't hold. What's on this page can be checked — in the product, in the privacy policy, and in writing at privacy@caledee.com.