Where is ViaDialog’s data hosted?

Our services are hosted exclusively in France, in multiple data centers certified ISO 27001, ISO 22301. No transfers outside the EU are made without the explicit consent of the client.

Does ViaDialog use sovereign technologies?

Yes. Our entire technology stack is 100% proprietary, hosted in France, and operated by our internal teams. We do not rely on any critical components from non-European vendors.

Does ViaDialog operate a micro-services architecture?

Yes. Our platform is built on a micro-services architecture, providing: • strong isolation between modules, • smooth and elastic scaling, • updates without service interruption, • minimal impact in the event of a localized incident.

What does “triple active” mean in your infrastructure?

ViaDialog uses a multi-site active-active-active model, enabling: • geographic redundancy, • service continuity even if one site fails, • permanent synchronization of critical services. This approach ensures a high level of availability without disclosing sensitive internal architecture.

How does ViaDialog protect data in transit and at rest?

All data is encrypted in transit (modern HTTPS/TLS) and encrypted at rest using robust, non-deprecated algorithms.

Who has access to the data?

Access is strictly limited to: • authorized personnel only, • based on a strict need-to-know principle, • with strong authentication (SSH keys, certificates, secured VPN access). By default, we do not view or process customer data outside the contractual scope.

Is ViaDialog certified or aligned with security standards?

ViaDialog adheres to the requirements and best practices of leading standards: • ISO 22301 (Business Continuity – certified since 2018), • ISO 27001 / 27002 (security management framework), • GDPR (dedicated internal DPO)

How do you manage service continuity and incidents?

We maintain both a Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP), including: • continuous monitoring, • multi-datacenter redundancy, • duplicated backups, • standardized intervention procedures, • proactive anomaly detection. Incident handling follows ISO 22301-aligned processes.

Do you use a DPO and a formal GDPR governance framework?

Yes. An internal DPO oversees all privacy practices, including: • data minimization, • privacy-by-design, • processing activity records, • management of sub-processors, • responses to data-subject rights.

Do you offer contractual guarantees on security?

Yes, including: • a full GDPR Data Processing Annex, • a detailed Security Assurance Plan, • confidentiality commitments, • the possibility of audits (subject to NDA).

How do you limit risks linked to call recordings and logs?

We apply a strict data-minimization policy by default: • call logs contain no private information, • clients can reconcile reports using a unique identifier, • any additional data enrichment is activated only upon explicit request.

Do technical updates cause service interruptions?

Our micro-services architecture enables: • continuous deployments, • fast rollback when required, • most updates performed without service disruption. Rare interventions requiring downtime are scheduled outside business hours.