It means your documents are encrypted on your device before reaching our servers. Decryption keys never pass through our hands. Technically — not just contractually — we cannot read your client data. Even if authorities asked, they would only see unreadable bytes.

Yes, 100%. All Securoo infrastructure is hosted on OVH in France. We have no US subprocessors — not even for analytics, transactional emails, monitoring. The complete sub-processor list is published on the site and always up to date.

No, and we want to be clear on this. It is an electronic signature with two-step validation (PIN sent by email) plus RFC 3161 timestamp — with full probative value in court for most retainers, mandates and document handovers that need a traceable acknowledgement. For acts that the law specifically requires to be signed with a qualified electronic signature (public deeds, certain notarial powers of attorney), a separate qualified-signature service is needed — that is not Securoo's use case.

Being zero-knowledge, if you lost your password we couldn't recover your data — it's the uncomfortable part of real security. For this reason, at first access, you generate a 24-word recovery passphrase (BIP39 standard, like crypto wallets) that you keep offline (physical safe, vault, paper print). In case of password loss, this restores everything. Optionally, you can designate a "recovery contact" among firm collaborators.

Yes, this is one of our central goals: not replace your management software but complement it as a secure storage layer. Official connectors on roadmap for major European vendors. A public REST API and Zapier/Make integration for low-code automations are also planned.