Sécurité chez RequestLoops

RequestLoops traite des documents pour le compte de comptables, architectes et autres cabinets professionnels. Cette page résume comment les données sont chiffrées, stockées, consultées et supprimées.

Encryption

All RequestLoops traffic is over TLS. Files and database records are encrypted at rest. Backups are encrypted and retained for up to 90 days post-deletion.

Hosting and regions

RequestLoops runs in two regions, FR (Paris) and AP (Tokyo), with single-tenant Postgres per region (as of 2026-05-08). Data is stored in the region selected at signup and does not leave that region for storage purposes.

Access control

Account holders sign in via OAuth with Google or Microsoft — RequestLoops does not store passwords. Recipient access is via tokenised portal links scoped to a single recipient and revocable at any time.

Audit logs

Every reminder, submission, role change and request action is timestamped and recorded per item. Audit history is exportable on request.

GDPR and PIPA alignment

RequestLoops handles personal data under GDPR (EU/EEA) and PIPA (South Korea) principles. Data subject rights — access, rectification, erasure, portability — are supported. See the privacy policy for the full breakdown.

Incident response

We monitor production via Sentry and structured logging. In the event of a data breach affecting your data, we notify you and the relevant authorities as required by applicable law.

Security questionnaire

For procurement-grade security review, contact us for a security questionnaire and DPA.