We have chosen to host Journey’s data on Amazon Web Services (AWS).
What is Data Hosting?
Our Journey solution, like any digital service, operates using servers that store the information necessary to provide the service. These servers can be managed either directly by us or by a specialised company known as a host. The host has storage space which they make available to their clients via the internet (commonly referred to as the cloud).
The role of the host is to set up, maintain, and manage their servers. Just because they own the servers does not grant them the right to access the stored data. There are a few exceptions, governed by law (notably in cases of valid warrants or court orders), which the host cannot evade.
What Data Is Involved?
All data used in Journey, including your contacts’ information and their responses, are affected. Some of this data (personal data) is even more critical, and we must secure it as best as possible.
What is AWS?
AWS stands for Amazon Web Services, the leading global cloud host (with a 31% market share in 2023). Established in 2006, AWS hosts services for French entities such as the Ministry of the Interior, EDF, Veolia, and SNCF.
Why Choose AWS?
Just like you, we want reliable service from our providers, aiming for the highest possible availability rate. As of now, AWS is one of the most reliable providers. Their contract allows for reductions if their availability drops below 99.99% (which translates to less than 5 minutes of downtime per month).
- Offered Services and Flexibility
AWS provides numerous services that simplify our operations and allow us to optimise our solutions. For example, we use services like EC2, S3, RDS, CloudWatch, Config, RabbitMQ, Transfer Family, and CloudFront.
We also require flexibility regarding both services offered and server capacity. With AWS, we can increase the number of resources we use in just a few minutes to ensure optimal performance.
As a French company collecting personal data on behalf of our clients, we are subject to the General Data Protection Regulation (GDPR). Since AWS acts as a subcontractor of Vocaza, it is also subject to GDPR regulations.
The nationality of AWS or the location of the data does not change this point. Our data is stored in Paris and cannot be transferred elsewhere without our consent.
- Health Data Hosting Certification
AWS is certified as a “health data host” by the French Agency for Digital Health, which is linked to the Ministry of Health. To obtain this certificate, which must be renewed every three years, AWS underwent a certification procedure as a health data host, similar to other certified hosts to whom we might entrust data, whether they are French, American, or based in another country.
It’s important to note that Vocaza itself is not certified as a “health data host”; only our host holds that certification.
Additional Measures
We encrypt all data hosted on AWS, technically limiting the exploitation of the data by individuals who might gain authorised (e.g., court order) or unauthorised access.
- Elements Beyond Our Control
There are certain aspects we cannot control, such as the transparency of the host, the laws of their country of origin, and the control the host has over their servers and the access they may grant to third parties. These factors are not specific to AWS but apply to all hosts.
What we can confirm is that AWS is among the providers that are continuously audited and holds numerous stringent certifications that indicate a priority on security (see here for more information: https://aws.amazon.com/en/security/)
Regardless of the chosen host, data encryption is the most effective measure we can implement to prevent data disclosure.
