Security & Compliance

Security and compliance at the core of GetBill

Our clients' trust relies on concrete commitments: hosting in France, end-to-end encryption, and full regulatory compliance.

GDPR, AI Act, sovereign hosting in France

GDPR certified compliance
AI Act European framework compliant
AES 256 data encryption
France sovereign hosting

Personal data protection

Hosted in France

Primary infrastructure and storage in France (AWS Paris, ISO 27001 certified at infrastructure level). AI subprocessors are governed by EU Standard Contractual Clauses (SCCs).

Dedicated DPO

A Data Protection Officer oversees all our data processing activities and responds to your requests.

Retention periods

Data is retained only for the duration of the collection process, then deleted in compliance with regulations.

Data subject rights

Right of access, rectification, objection and erasure. Every debtor can exercise their rights at any time.

AI Act

Compliance with European AI regulation

The European AI Act regulates the use of AI systems based on their risk level. GetBill already applies the requirements corresponding to its classification.

System classification

Our AI collection agent is classified as a limited-risk system under the European AI regulation. We apply the corresponding transparency obligations.

Transparency

Every debtor is informed they are interacting with an artificial intelligence system from the start of the call. No deception about the nature of the caller.

Documentation

AI processing register, impact assessments, technical documentation: we maintain a complete AI Act compliance file.

A trusted infrastructure

Servers in France

Hosted on AWS Paris cloud infrastructure (ISO 27001 certified), located in France.

Encryption

End-to-end encryption at rest and in transit. Sensitive data is protected to cloud security standards.

Availability

Continuous monitoring, automatic alerts and disaster recovery plan to ensure high availability.

Backups

Daily encrypted backups, 7-day retention.

Transparency on automated calls

  • Each call begins with clear identification of the AI system
  • The debtor can request a callback or transfer to a human advisor
  • Calls are recorded with prior consent
  • Recording retention period: 6 months
  • Right to access recordings on simple request
  • Call hours comply with regulations (not before 8am, not after 8pm, not on Sundays)

Our commitments

GDPR Compliant

AI Act Ready

Hosted in France

End to end encryption

FAQ

Frequently asked questions

In France, on AWS Paris infrastructure (ISO 27001 certified). AI subprocessors are governed by EU Standard Contractual Clauses.

End-to-end encryption at rest and in transit, role-based access control, complete audit trails.

Yes, with consent. The debtor can object to recording. Recordings are retained for 6 months then deleted.

Yes. Our system is classified as limited risk. We apply transparency obligations and document our AI processing activities.

Yes. On request, we provide a pack including our security policy, certifications, DPIA and GDPR commitments.

By email to contact@getbill.io. We respond within 30 days in accordance with GDPR.

Need additional assurance?

Our compliance team is available to answer all your questions

Quick deployment
No commitment
GDPR & AI Act compliant

They integrate with GetBill

Stripe
Axepta BNP Paribas
Google Workspace
Microsoft
Brevo
Mailjet
SendGrid
Mailgun
Postmark
Scaleway
OVHcloud
Infomaniak