Security & GDPR

Your data is safe

Evalmee is hosted in France, fully GDPR-compliant, and built following industry security best practices.

Hosted in France

Evalmee is hosted exclusively by certified providers based in France: Scaleway and AWS France. No data is ever transferred outside the European Union.

Scaleway

French sovereign cloud provider, ISO 27001 certified

Scaleway security →

AWS France

eu-west-3 region (Paris), GDPR compliance guaranteed

AWS France security →

Data encryption

All customer data is encrypted in transit and at rest:

  • In transit: HTTPS protocol (TLS 1.2 / TLS 1.3) across all traffic
  • At rest: AES-256 encryption for sensitive data, hashing for passwords

Infrastructure & protection

Our infrastructure is built with a defense-in-depth approach:

  • All services run behind Cloudflare (built-in DDoS protection, rate limiting)
  • Virtual private cloud (VPC) with a firewall controlling inbound and outbound traffic
  • Server access limited to authorized team members via SSH key (no password)
  • Automated monitoring for software component vulnerabilities (CVE)
  • Team trained on OWASP Top 10 vulnerabilities (regular code and infrastructure audits)

AI policy

Evalmee uses artificial intelligence (OpenAI) to power certain features. Our commitments:

  • No personally identifiable customer data is ever sent to OpenAI or any other third-party AI provider
  • Your data is never used to train AI models
  • AI calls are limited to non-personal content (question text, MCQ structure)

Sub-processors

We only share your data with partners strictly necessary to deliver the service. View the full list of our sub-processors.

Data Processing Agreement (DPA)

We offer a Data Processing Agreement (DPA) compliant with GDPR requirements, clearly defining the respective responsibilities for the protection of personal data.

To obtain a signed copy, contact us.

GDPR compliance

Evalmee is fully compliant with the General Data Protection Regulation (GDPR). We are committed to:

  • Processing only data strictly necessary to deliver the service
  • Guaranteeing your rights of access, rectification, portability and deletion
  • Never transferring any data outside the European Union
  • Notifying competent authorities in the event of a data breach

To exercise your rights or for any question regarding your data, contact us.

Have a security question?

Our team will get back to you quickly.