Trust · transparency

Verifiable trust: we keep our word and we prove it.

Aegirex does not merely announce commitments: French hosting, open source code, HMAC audit chain, documented sub-processors, data never resold. Each commitment is made independently verifiable, whether by reading the AGPL-3.0 code, running a public command, or reading an opposable DPA or legal notice. This page summarises what you can check for yourself, without trusting us.

Paris hosting · GDPR-native · AGPL-3.0 · HMAC audit chain · EU sub-processors · SecNumCloud trajectory targeted
01 / Commitments

What we keep our word on.

Six operational commitments that guide the architecture and governance of Aegirex. Each is concretely verifiable, whether by reading the public repository, running a command, or reading the opposable DPA.

Code transparency (AGPL-3.0)

The full source code is published under the AGPL-3.0 licence, including paid features. No hidden proprietary build, no security feature reserved for an opaque tier. Auditable line by line, forkable, deployable on the operator of your choice.

Data localisation in France

The SaaS infrastructure is hosted in Paris across three availability zones, including one in a nuclear-bunker datacenter. No data path goes through a non-European jurisdiction for the managed services. Self-hosting available everywhere thanks to AGPL-3.0.

Documented and limited sub-processors

Exhaustive public list, updated at every change, 30-day notification before adding a new sub-processor with a justified right of objection. No sub-processor holds users' private keys, by zero-knowledge construction.

No resale, no transfer of data

Customer data is never resold, transferred, or made available to any advertising actor, nor used to train a model. The business model rests exclusively on paid subscriptions for the Team, Business and Enterprise plans.

Cryptographic zero-knowledge

Secrets are encrypted in the browser via OpenPGP.js v6 before any server transmission. The private key never leaves the user's device. A judicial requisition could only obtain unusable encrypted blobs.

Verifiable HMAC audit chain

Every sensitive action is sealed by a chained HMAC-SHA-256. A public command lets an external auditor confirm the integrity of the log without depending on a vendor binary. Any retroactive tampering is detected by recomputation.

02 / Compliance

Legal framework and certifications.

Precise status of Aegirex against the main French and European frameworks. Without euphemism: what has been obtained is listed as obtained, what is targeted is called targeted, and what is on the roadmap is announced as such.

| Framework | Aegirex status | Justification | Reference |
|---|---|---|---|
| GDPR (RGPD, Regulation (EU) 2016/679) | Natively compliant | Zero-knowledge architecture, Art. 15/17/20 rights tooled in the console, designated DPO, public and opposable standard DPA. | Public DPA |
| SecNumCloud | Targeted trajectory | Partner host undergoing SecNumCloud qualification. Immediate self-hosting on a third-party SecNumCloud-qualified operator is already possible today via the AGPL-3.0 licence. | ANSSI documentation |
| HDS (Hébergement de Données de Santé, health data hosting) | On request | Partner HDS host available on request for healthcare-sector customers. Self-hosting on your own qualified HDS host available today. | Contact us |
| OIV / NIS2 | Compatible | Air-gap deployment capability, AGPL-3.0 code auditable down to the crypto layer, opposable HMAC audit chain, SIEM export in CEF/LEEF/OCSF/Syslog. | Self-hosting |
| ISO 27001 | Roadmap | ISO 27001 audit planned at the launch of the Enterprise plan. Not yet engaged to date: we prefer to state it plainly rather than display it as in-progress without a schedule. | - |

How to read the table

Natively compliant means the Aegirex architecture meets the requirements without additional configuration. Targeted trajectory means work is engaged with an internal schedule, without certification yet obtained. On request means a partner host can be mobilised on a case-by-case basis. Compatible means the architecture allows compliance when the customer organisation carries the regulatory perimeter itself. Roadmap means a longer-term commitment is taken, conditional on an identified product milestone.

03 / Sub-processors

Who touches what, and where.

Exhaustive list of technical sub-processors. None has access to secrets in clear, by zero-knowledge construction: the OpenPGP blobs transiting through the infrastructure are opaque to the server and its operators alike.

| Sub-processor | Role | Country | Data processed | DPA |
|---|---|---|---|---|
| Scaleway (operator on SecNumCloud trajectory) | Infrastructure hosting (3 availability zones, including a nuclear-bunker datacenter) | France | Encrypted OpenPGP blobs + technical metadata | DPA signed |
| Brevo | Transactional emails (signup, sharing, audit alerts) | France | Recipient email address only | DPA signed |
| Stancer | Payment for paid Team, Business and Enterprise plans | France | Billing data (registered name, address, email) | DPA signed |
| DB-IP | IP geolocation database (enrichment of new sign-in alert emails) | Belgium | IP address processed locally (never sent to DB-IP) · CC-BY 4.0 attribution | Delivered database, local processing |

Notification of a new sub-processor

Every new sub-processor is subject to a 30-day notification before entering production, with a justified right of objection for the Data Controller. The list above is kept up to date and is opposable as is under the public standard DPA.

04 / Operational security

What runs every day.

Four routines run continuously by the Aegirex team. Beyond the cryptographic architecture, security relies on daily operations: backups, rotation, monitoring, continuity.

Daily encrypted backups

Full encrypted backups on the server side, deposited on off-site replicated object storage. Restoration tested every month on a dedicated environment. Rolling retention of 35 days standard, 1 year on Business, 5 years on Enterprise.

HMAC key rotation

The audit-chain HMAC key can be rotated without losing historical verifiability, because the old key is sealed by the new one. The procedure is documented, and the rotation itself is traced as a record in the chain.
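The chained-HMAC log and the rotation record described above, as an added illustration rather than Aegirex's own code or record format: a hypothetical Python audit chain in which every record binds the previous record's tag, a rotation record seals the old key under the new key, and a verifier recomputes everything and reports the first record that fails. Field names, key ids, keys and sample actions are all constructed for the example.

```python
import hashlib
import hmac
import json

def _tag(key: bytes, record: dict) -> str:
    # HMAC-SHA-256 over the canonical JSON of every field except the tag itself.
    body = {k: v for k, v in record.items() if k != "tag"}
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def append(chain: list, keys: dict, key_id: str, action: str, **extra) -> dict:
    # Each record binds the previous tag, so editing or deleting an earlier record
    # changes every tag that follows it; recomputation then fails at that point.
    prev = chain[-1]["tag"] if chain else "0" * 64
    rec = {"seq": len(chain), "key_id": key_id, "action": action, "prev": prev, **extra}
    rec["tag"] = _tag(keys[key_id], rec)
    chain.append(rec)
    return rec

def rotate(chain: list, keys: dict, old_id: str, new_id: str, new_key: bytes) -> dict:
    # Rotation is itself a chain record: the old key is sealed under the new one.
    keys[new_id] = new_key
    seal = hmac.new(new_key, keys[old_id], hashlib.sha256).hexdigest()
    return append(chain, keys, new_id, "key-rotation", old_key_id=old_id, old_key_seal=seal)

def verify(chain: list, keys: dict) -> tuple:
    """Recompute every tag; return (True, None) or (False, index of first bad record)."""
    prev = "0" * 64
    for i, rec in enumerate(chain):
        key = keys.get(rec["key_id"])
        if (key is None or rec["seq"] != i or rec["prev"] != prev
                or not hmac.compare_digest(_tag(key, rec), rec["tag"])):
            return (False, i)
        if rec["action"] == "key-rotation":
            seal = hmac.new(key, keys.get(rec["old_key_id"], b""), hashlib.sha256).hexdigest()
            if not hmac.compare_digest(seal, rec["old_key_seal"]):
                return (False, i)
        prev = rec["tag"]
    return (True, None)

def demo() -> tuple:
    # Constructed sample: two records under k1, a rotation to k2, one more record,
    # then a retroactive edit of record 1 that verification must catch.
    keys, chain = {"k1": b"constructed-key-1"}, []
    append(chain, keys, "k1", "secret.read vault/prod/db")
    append(chain, keys, "k1", "share.create vault/prod/db -> alice")
    rotate(chain, keys, "k1", "k2", b"constructed-key-2")
    append(chain, keys, "k2", "secret.update vault/prod/db")
    before = verify(chain, keys)
    chain[1]["action"] = "share.create vault/prod/db -> bob"
    return before, verify(chain, keys)
```

An auditor holding the keys needs nothing from the vendor beyond the exported records: deletion is caught by the sequence check, edits by tag recomputation, and a forged rotation by the old-key seal.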

Continuous monitoring

Synthetic probes, infrastructure alerting, operational security supervision. 24/7 on-call from the Business plan onwards, contractual SLA 99.5 % standard, negotiable on Enterprise.

Business continuity plan

Documented business continuity plan covering the loss of an availability zone, the loss of the main host and the code and data escrow scenario for Enterprise customers. RTO/RPO formalised and shared on request as part of an accompanied CISO audit.

05 / Transparency

What we publish voluntarily.

Four publications maintained by Aegirex for the benefit of the community, customers and security researchers. None is mandatory: each is a deliberate stance in favour of independent verifiability.

AGPL-3.0 source code

Public GitHub repository, full code including Business features. Community pull requests accepted, external contributors credited.
github.com/aegirex/aegirex

Public threat model

STRIDE and LINDDUN model per component, scenarios covered and accepted trade-offs listed without euphemism. Updated at every major architecture change.
Read the threat model

Cryptographic whitepaper

Detail of the primitives used (OpenPGP.js v6, Argon2id RFC 9106, AES-256-GCM SEIPDv2, HMAC-SHA-256). One RFC for every choice, nothing opaque.
Read the crypto stack

Public incidents page

Production incident history published on the Status page, public post-mortems for major incidents. A dedicated page to come will centralise everything.

06 / Team

Who is behind Aegirex.

Aegirex is operated by an independent French company, led by its founder. No venture capitalist, no pivot planned, business model based exclusively on customer subscriptions.

ARDNTECH EI · Independent French company

A French company led by its founder

ARDNTECH EI is a French company led by Adrien Chaumarat, who has over 10 years' experience in B2B SaaS software publishing. No venture capital on the cap table, no strategic pivot planned: the project is funded exclusively by its customers' subscriptions. This capital independence directly underpins the stability of the commitments stated on this page (sovereignty, AGPL-3.0, refusal to resell data, compliance trajectory).

07 / Get started

Verify our commitments, do not trust us.

Read the public standard DPA, review the AGPL-3.0 code, run the audit-chain verification on an extract of your instance, discuss your regulatory framework with the team. Aegirex supplies the evidence; your team forms its own opinion.

Code transparency (AGPL-3.0, including Business features)
France-based hosting, three availability zones, French jurisdiction
Public standard DPA, documented sub-processors, 30-day notification
HMAC audit chain independently verifiable via a public command
ARDNTECH EI, independent French company, customer-funded