Security & privacy

Your sensitive documents, in safe hands.

EryonOne is built for healthcare industries. Here are the measures, the commitments, and - above all - what we do not have yet.

0 documents used for training
ZDR in progress with the major AIs
SHA-256 tokens hashed at storage

01 AI & data

Your AIs, your keys.

EryonOne does not lock you into a model. You connect the AIs you have already chosen - data flows through the provider you selected.

Claude (Anthropic)

Connect your Anthropic key. Your prompts go through your account, under your contractual terms.

ChatGPT (OpenAI)

Connect your OpenAI key. Same terms: your account, your control, your billing.

Mistral (EU sovereign)

European hosting. Ideal for sensitive uses or strict GDPR frameworks. Configurable depending on your scope.

Open source on request

Llama, Qwen, Mixtral, or a model deployed at your premises (on-prem). We integrate according to your technical context.

ZDR in progress

Zero Data Retention request in progress with the major AIs. Goal: no retention on the provider side, even temporary.

No training

Your documents serve your review. Full stop. Nothing is used to train a model, neither on the EryonOne side nor the providers' (subject to ZDR).

02 Day to day

What protects your data at every moment.

Encryption in transit

All communications with EryonOne are encrypted end to end. No traffic travels in the clear.

Documented main infrastructure

Main infrastructure 3DS OUTSCALE. AI processing may involve third-party providers depending on the use case.

Protected sessions

Your sessions are isolated from JavaScript and protected against XSS and CSRF attacks.

Secure passwords

No password is stored in the clear. Even full access to our database would not allow them to be recovered.

Anti brute-force

Repeated login attempts are automatically slowed down then blocked.

Strict partitioning

Each record scoped per account. A user cannot access another's data, even by forging a URL.

03 Your rights

GDPR, no doublespeak.

An email to contact@eryon.eu and we reply within 1 month (GDPR article 12).

Access, rectification, deletion

View, edit or delete your data at any time. Permanent deletion propagated to backups within 30 days.

No resale

No monetisation of your data. Exhaustive list of processors in the privacy policy.

Audit log

Admin actions and critical operations traced with actor, timestamp and metadata. Exportable on request.

CNIL as recourse

You can refer the matter to the CNIL at any time if you believe your rights are not respected.

04 Radical honesty

What we do not have - yet.

We would rather tell you than display logos we do not hold.

External certifications

No ISO 27001, SOC 2, HDS or SecNumCloud yet on the EryonOne side. Our host Outscale holds them on its dedicated offers. No recent external penetration test nor public bug bounty programme. If one of these certifications is a blocker for you, let's talk before starting.

Security work in progress

Hashing of email verification tokens. Extension of the audit log to authentication events. Study of encryption at rest. ZDR in progress with the major AIs. Everything is planned and reflected in the public roadmap.

FAQ - Security & privacy

Which AIs does EryonOne use?
You choose. EryonOne orchestrates your Claude, ChatGPT or Mistral key. For open source models (Llama, Qwen, Mixtral) or on-prem deployment, it is on request.

Are my documents used to train a model?
No. No client document is used to train a model, neither on the EryonOne side nor the providers' when ZDR is enabled. Commitments to be verified contractually per provider.

What is ZDR (Zero Data Retention)?
A contractual commitment with the major AIs so that no data sent is retained, even temporarily. Request in progress on the EryonOne side for your uses.

Where are my documents hosted?
Main infrastructure 3DS OUTSCALE (France). AI calls go out to the provider you configured.

Do you have an ISO 27001, SOC 2 or HDS certification?
Not yet on the EryonOne side. Our host Outscale holds these certifications on its dedicated offers. If a certification is a blocker, we discuss it before starting.

How does data deletion work?
Permanent deletion within 30 days, propagated to backups. Request by email to contact@eryon.eu (GDPR article 12).

Are passwords stored in the clear anywhere?
No, never. Passwords are irreversibly hashed before storage. Even full access to the database would not allow them to be recovered.

What happens in case of a brute-force attack?
Repeated login attempts are automatically slowed down then blocked.

A security, AI or GDPR question?

Write to us directly.

CIO, CISO, DPO: we answer precisely, without sales talk. Detail your need and context, we get back to you within 48 business hours.
