Trust Center

🇨🇭 Your sales data stays in Europe. Period.

Continuum Business is operated by Continuum Identity, a French company. Servers in Switzerland at Infomaniak. No US parent. No Cloud Act. No Schrems II nightmare.

Where your data lives

Default: Switzerland. Expansion to FR / EU available on request for Enterprise.

CountryProviderRegionStatusCertification
SwitzerlandInfomaniakGenevaActive — default for all customersISO 27001
FranceOVHcloud / ScalewayParis / RoubaixAvailable on request — EnterpriseISO 27001 + SecNumCloud
EU (multi-region)Hetzner / OVHFrankfurt / StrasbourgAvailable on request — EnterpriseISO 27001

Sub-processors

Every third party that may process your data is disclosed below. We notify customers 30 days before any change.

Sub-processorPurposeLocationTransfer mechanism
InfomaniakPrimary hosting (compute, storage, backups)SwitzerlandNone — data stays in CH
StripePayment processingIreland (EU) + USAStandard Contractual Clauses + UK IDTA
Twilio SendGridTransactional email deliveryUSAStandard Contractual Clauses + EU-US DPF
CloudflareDDoS protection + Turnstile captchaUSAData Processing Addendum + EU-US DPF
SentryError monitoring (EU data region)Germany (EU)None — EU region selected
Cal.comDemo booking (self-hosted at CID)SwitzerlandNone — self-hosted

Certifications & frameworks

Where we are, and where we're going.

GDPR ready

Live

DPA at signup, data subject rights honoured, sub-processors disclosed, sovereign hosting.

Swiss nDSG

Live

Compliant with the Swiss Federal Act on Data Protection (revised 2023).

ISO/IEC 27001

In progress (target Q4 2026)

Information security management system certification — audit scheduled.

SOC 2 Type II

Roadmap (2027)

Available on request for Enterprise customers in the meantime.

Sovereignty FAQ

Are you exposed to the US Cloud Act?

No. Continuum Identity is a French company with no US parent. Our primary infrastructure is hosted in Switzerland at Infomaniak in Geneva — chosen for its privacy posture and ISO 27001 footprint. Sub-processors that operate from the US (Stripe, SendGrid, Cloudflare) handle peripheral functions only and never store your CRM data.

What happens if I leave?

Full export in standard formats (CSV, JSON, PDF for quotes) at any time. Data is deleted within 30 days of termination. No exit fee.

How is my data encrypted?

TLS 1.3 in transit, AES-256 at rest, encrypted backups. Database column-level encryption for sensitive fields (planned for Sprint 8 of cid-crm).

Can I require France or EU residency?

Yes — available for Enterprise tier on request. We provision a tenant on a French (OVH/Scaleway) or German (Hetzner) cluster.

Can I audit your security?

Enterprise customers can request a security questionnaire (CAIQ format), pen-test summaries, and on-site audits with NDA. Smaller customers receive our public Trust Center documentation.

Read the full DPA.

Self-service Data Processing Addendum, downloadable, signed at trial signup.

Download DPA templateTalk to our DPO