Petanque Life
Enterprise-Grade Security

Security & Privacy

Your data deserves enterprise-grade protection. We build security into every layer of the platform.

GDPR Compliance

We are fully compliant with the EU General Data Protection Regulation. Your rights to access, portability, and erasure are built into the platform.

  • Data Subject Access Requests (DSAR) via self-service portal
  • Right to erasure — complete data deletion on request
  • Data portability — export your data in standard formats
  • Consent management with granular opt-in/opt-out controls
  • Data Processing Agreements available for all federations

Data Hosting & Infrastructure

All data is hosted in Microsoft Azure data centers within the European Union, ensuring data sovereignty and low-latency access.

  • Azure North Europe (Ireland) — primary data center
  • Automatic geo-redundant backups with point-in-time recovery
  • SOC 2 Type II and ISO 27001 certified infrastructure
  • 99.95% uptime SLA backed by Azure guarantees
  • Tenant data isolation — each federation in its own logical partition

Encryption & Data Protection

Data is encrypted at rest and in transit using industry-standard cryptographic protocols.

  • TLS 1.3 for all data in transit
  • AES-256 encryption for data at rest
  • JWT ES512 (ECDSA P-521) for authentication tokens
  • Webhook signatures verified with HMAC-SHA256
  • No sensitive data in logs, URLs, or error responses

Authentication & Access Control

Multi-layered authentication with fine-grained access control ensures only authorized users access the right data.

  • Multi-factor authentication (TOTP, WebAuthn/passkeys)
  • OAuth 2.0 with PKCE for third-party integrations
  • Role-based access with capability-level permissions
  • Machine-to-machine tokens for API integrations
  • Fresh-auth required for sensitive operations

Privacy by Design

Privacy is not an afterthought — it is a core design principle throughout the platform.

  • Privacy-respecting analytics (Plausible — no cookies, no tracking)
  • Minimal data collection — we only store what is needed
  • Structured audit logging for all data mutations
  • Configurable data retention policies per federation
  • Transparent privacy policy with plain-language explanations

Compliance & Certifications

We follow industry best practices and maintain compliance with relevant regulations.

  • GDPR compliant (EU General Data Protection Regulation)
  • OWASP Top 10 security review on every release
  • Dependency auditing with automated vulnerability scanning
  • Regular penetration testing by independent security firms
  • Responsible disclosure program for security researchers

Questions About Security?

Our team is happy to discuss your security requirements and how Petanque Life can meet them.

Data Processing Agreement

Download the current DPA template (GDPR Art. 28) signed with every federation.

Current version: 2026-04

Sub-Processor Register

Full list of third-party providers that process personal data on behalf of Petanque Life.