How Affluences protects your data: transparency, sovereignty and security at the heart of our services

In a context where public and private institutions increasingly face cybersecurity requirements, GDPR compliance and digital sovereignty, data protection has become a central issue.

At Affluences, we handle millions of data points daily — related to attendance, bookings or user access.

This responsibility requires total transparency about our practices and a constant commitment to guarantee the security of your information as well as that of your users.

Strict governance of reservation data

Our booking system — used in libraries, study rooms, pools, museums or university restaurants — follows a simple principle: collect only what is strictly necessary. As detailed in our data-use policy, the information collected is limited to reserved time slots, a minimal identifier to manage the booking, and technical data strictly necessary for the service to function.

We never share data with third parties for commercial purposes, nor perform data enrichment or marketing profiling. Institutions remain the full owners of their data. Our approach is designed to be GDPR-compliant by design: data minimization, limited retention period, full user rights, and encryption of data in transit and at rest.

SSO: strengthening security and simplifying administration

For institutions that choose it, Affluences offers a Single Sign-On (SSO) system allowing administrators to access the portal using their existing professional accounts (Gmail, Outlook, Microsoft Azure AD, Shibboleth or other federated authentication solutions).

This ensures that your teams do not have to manage additional passwords: they use their corporate identities already in place. Account lifecycle management (creation or deactivation) is handled internally by your organisation’s directory — no credentials are stored by Affluences. We only receive a limited, secure authentication token.

The SSO centralizes access management, aligns with your internal security policies (MFA, password complexity rules, password rotation, role management, …), and simplifies daily IT management for your teams.

Sovereign hosting: all data stored on French servers

We have chosen to host all data with OVH, a French provider whose servers are located in France and subject only to European law.

Unlike American providers subject to extraterritorial laws such as the Cloud Act, OVH is not subject to foreign jurisdictions seeking access to data. Data remains stored in France, protected under French law and GDPR, while benefiting from OVH’s highly secured, certified infrastructure.

Crowd-counting via computer vision: protecting user privacy

Beyond reservation data, Affluences uses sensors based on computer vision to measure occupancy. These sensors do not store or transmit images, ensuring user confidentiality. The processing is done in real-time, on the device or a dedicated microprocessor, where AI models analyze only people flows.

Only aggregated count data is sent to Affluences servers. The system does not recognize faces nor create any individual fingerprint; captured images are immediately deleted after analysis.

This approach allows venues to get precise, reliable occupancy data while ensuring full GDPR compliance and respect for user privacy.

Our goal is simple: deliver a solution that is reliable, secure, GDPR-compliant and aligned with increasing IT security requirements.