Your documents stay in Europe. Always.

Holofin processes financial documents exclusively on EU infrastructure. No exceptions.

EU Data Only
GDPR Compliant
99.9% Uptime

Where your data lives

All documents are processed and stored on Google Cloud's Paris and Frankfurt regions. We never transfer data outside the European Union. Your data inherits Google Cloud's security certifications, including ISO 27001 and SOC 2.

How we protect it

Every document is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access requires SSO with SAML support, and we enforce MFA across all accounts. Every operation is logged for audit purposes.

We follow the principle of least privilege. Role-based access controls ensure team members only see what they need. Credentials are managed through Google Cloud Secret Manager, never hardcoded.

What we don't do

We never use your documents to train AI models.

We never share data with third parties beyond our EU-based sub-processors.

We never retain documents longer than you specify.

We never transfer data outside the European Union.

Need documentation?

We're happy to provide our security overview, Data Processing Agreement (DPA), or sub-processor list. Just ask.

Request documentation

Common questions

All data is stored in Google Cloud's EU regions (Paris and Frankfurt). We use multi-region redundancy with automated failover to ensure availability.
Default retention is 30 days, but this is configurable per contract. Documents are securely deleted following NIST SP 800-88 standards.
Only authorized personnel with a legitimate business need. Access is controlled through role-based permissions, requires MFA, and is fully logged.

Security inquiries: [email protected]

Data Protection Officer: [email protected]