topbar banner

At iAdvize, security and privacy are our top priorities.

We continuously monitor and update our security and privacy policies to ensure they comply with the latest laws and regulations.

Group 12116

Security

iAdvize has been ISO 27001 certified since 2019, demonstrating adherence to the internationally acclaimed standard for information security management. 

Moreover, we meet the CSA Security, Trust & Assurance Registry (STAR) requirements, underscoring our dedication to upholding the highest standards of security and trust in cloud services.

Learn More

Legal & Privacy

As a service provider and data processor for our customers, we are committed to supporting them in their compliance with applicable data protection laws, like GDPR, CCPA, CPRA, AI Act, etc.

Learn More

Security

Infrastructure Security

  • Hosted on AWS, partnering with Azure and Google, with data hosting in Europe
  • Dedicated virtual private clouds (VPCs)
  • Subnet and network ACLs
  • Automated backup strategies
  • Database encryption
  • Disaster recovery plan

Security Governance

  • Information security policies that are regularly reviewed and updated to comply with ISO 27001 standards and GDPR requirements
  • Executive oversight
  • Risk management framework (NIST, Ebios RM, OWASP)
  • Data Protection Officer (DPO)
  • Security awareness training
  • Incident response and reporting
  • Vendor and third-party management

Product Security



  • Adoption of a secure development lifecycle (SDLC)
  • Code source access controls
  • Security by Design and Privacy by Design
  • Regular security audits
  • Data encryption at rest and in transit
  • Compliance with GDPR

Detection


  • Advanced monitoring systems
  • Incident response team
  • Regular security drills
  • Automated security alerts
  • Collaboration with leading security platforms and services, such as YesWeHack for vulnerability management and Board of Cyber for external vulnerability & perimeter monitoring
  • Continuous improvement

 

IT System


  • Centralized identity and access management
  • Multi-factor authentication (MFA)
  • Network segmentation and firewalls
  • Endpoint protection
  • Secure remote access
  • Disaster recovery and business continuity

 

Yes, iAdvize has a data processing addendum available for each of its entities in multiple languages. You’ll find the up-to-date versions here.

iAdvize processes the following data for customers using the iAdvize solution: 

  • Customer’s website visitors' data (visitor unique identifier, IP address, technical data, navigation data, etc.) 
  • Data relating to chat conversations (content of the conversation, number of chats, duration, date, response to satisfaction survey if applicable, etc.)
  • Data relating to conversations via Facebook Messenger, WhatsApp, or Apple Messages for Business
  • Data relating to customers’ employees using the solution (first name, last name, alias, username, position held within the client’s company, log in data, logs, etc.)

The iAdvize solution is designed primarily for e-commerce websites and is not intended to collect sensitive data. However, the latter has a free input area and may be required to process sensitive data provided directly by the visitor. That’s why iAdvize helps its customers set up safeguards to collect only necessary information.

Each iAdvize employee receives continuous privacy and security training through online and on-site training courses. 

Information about the services provided by each iAdvize sub-processor and their geographic location is available here. This list is updated regularly.  

If you wish to exercise your rights, you may use the following service : 

 

9 rue Nina Simone - EuroNantes Gare, le Berlingot Bâtiment B, 44 000 Nantes

If, after our response, you feel that your rights concerning your personal data have not been respected, you may lodge a complaint with the competent data protection authority: 

CNIL, 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07

iAdvize relies on a network of trusted subcontractors to power its solution, guaranteeing optimal compliance and performance, and unlocking unlimited possibilities for your business' success. 

Last Update : 10/24/2025
iAdvize Sub-processors

Sub-Processor: AWS
Corporate name: Amazon Web Services, Inc.
Address: Amazon Web Services EMEA SARL,
38 avenue John F. Kennedy, L-1855 Luxembourg, Luxembourg
Purpose: Data storage
Country where the Sub-Processor performs the processing: Germany
Transfers outside EEA: N/A

Sub-Processor: Microsoft Azure
Corporate name: Microsoft France SAS
Address: Microsoft France SAS,
39 quai du Président Roosevelt,
92130 Issy-les-Moulineaux, France
Purpose: AI functionality
Country of processing: Europe and
the United Kingdom
Transfers outside EEA: For the UK:
secured APIs, logical instance
separation, limited data retention through
sampling (30 days) for compliance verification with the code of ethics.

Sub-Processor: Salesforce
Corporate name: Salesforce, Inc.
Address: 3 Avenue Octave Gréard,
75007 Paris, France
Purpose: CRM
Country of processing: France
Transfers outside EEA: N/A

Sub-Processor: Mixpanel
Corporate name: Mixpanel Inc.
Address: Avenida Diagonal, 442 – P. 3 PTA. 1, Barcelona, Spain
Purpose of the processing carried out by the Sub-Processor:
Measurement of visitor engagement (collection of IP addresses in case
of cookie consent)
Country of processing: Spain
Transfers outside EEA: N/A

Sub-Processor: Zendesk
Corporate name: Zendesk, Inc.
Address: Paul-Lincke-Ufer 39-40, Berlin, Germany
Purpose: Support
Country of processing: Germany
Transfers outside EEA: N/A

Sub-Processor: HubSpot
Corporate name: HubSpot Ireland Ltd
Address: 1 Sir John Rogerson’s Quay, Dublin 2, Ireland
Purpose: CRM
Country of processing: Ireland
Transfers outside EEA: N/A

 

Take your conversational commerce to the next level.