Data in France, HDS-certified host
Our health solutions are hosted at Scalingo, a French host certified as a Health Data Host (HDS), in the osc-fr1 region. No data is exposed to the US Cloud Act.
Ducal is backed by no investment fund. Our roadmap serves care facilities and regions — not a shareholder's return targets. Your data stays in France, on sovereign infrastructure, and your trust is never a trade-off.
Four figures you can measure in our code and our infrastructure — not in a sales brochure.
Health data is valuable. On illicit markets, a complete medical record trades for ten to twenty times the price of a credit card number — and cyberattacks against care facilities have multiplied in recent years. For a facility or a funder alike, the question is no longer "should we secure it?" but "who do we entrust the data to?".
Our answer comes down to one word: independence. While part of the medico-social patient-record market consolidates around investment funds, Ducal remains an independent vendor. That stance determines who decides the roadmap, where the data lives, and what is never sacrificed under profitability pressure.
Security and sovereignty are not a cost you endure. They are a promise of trust we keep — verifiable, documented, and contractually enforceable.
Three commitments that make the difference between "data kept safe" and "data you stay in control of".
Our health solutions are hosted at Scalingo, a French host certified as a Health Data Host (HDS), in the osc-fr1 region. No data is exposed to the US Cloud Act.
The underlying datacentre runs on Outscale infrastructure, qualified SecNumCloud by ANSSI — the highest sovereign-cloud qualification level in France. The qualification belongs to the infrastructure, not to a Ducal claim.
Our roadmap is driven by facilities' needs and Ségur compliance — not by an investor's financial trade-offs. You know who you are talking to, and whom we work for.
Three isolated environments ensure no real data leaks outside production:
The infrastructure relies on restrictive firewall rules. Administrative access is only possible through a key-authenticated VPN, without exception. Services are segmented to limit lateral movement in case of compromise, and no database is reachable directly from the outside.
Every code change passes through a continuous-integration pipeline before reaching production. Sixteen automated checks run on every deployment: nothing ships to production without passing them all.
Data is protected at every moment of its lifecycle: in transit, at rest, and up to its certified destruction at end of contract.
All communications are protected by TLS 1.3 minimum, with HSTS enabled across all our domains and obsolete protocols disabled without exception. At rest, health data is encrypted with AES-256-GCM; infrastructure volumes and backups are encrypted too.
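The two transport-layer properties named above can be checked mechanically rather than taken on faith. The following Python is an added example, not Ducal's code: it builds a client TLS context that refuses anything below TLS 1.3, and validates a Strict-Transport-Security header against a minimum max-age. The sample header values are constructed, and the one-year threshold is an assumption chosen for the example.

```python
"""Added example (not Ducal's code): check a TLS 1.3-minimum client policy and
validate HSTS response headers. Header values below are constructed samples."""
import ssl
from typing import Optional

ONE_YEAR = 31_536_000  # seconds; assumed minimum max-age for this example


def strict_client_context() -> ssl.SSLContext:
    """Build a client context that refuses anything below TLS 1.3.

    ssl.create_default_context() already enables certificate and hostname
    verification; raising minimum_version is what disables the obsolete
    protocols (SSLv3, TLS 1.0/1.1/1.2) on this side of the connection.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def parse_hsts(header: Optional[str]) -> dict:
    """Parse a Strict-Transport-Security header into a dict.

    Returns {} when the header is missing or malformed. Directive names are
    case-insensitive (RFC 6797); max-age must be a non-negative integer.
    """
    if not header:
        return {}
    parsed = {}
    for raw in header.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name == "max-age":
            if not value.isdigit():
                return {}
            parsed[name] = int(value)
        else:
            parsed[name] = True
    return parsed


def hsts_findings(header: Optional[str], min_max_age: int = ONE_YEAR) -> list:
    """Return a list of findings; an empty list means the header is acceptable."""
    parsed = parse_hsts(header)
    if not parsed or "max-age" not in parsed:
        return ["HSTS header missing or unparseable"]
    findings = []
    if parsed["max-age"] < min_max_age:
        findings.append(f"max-age {parsed['max-age']} is below {min_max_age}")
    if not parsed.get("includesubdomains"):
        findings.append("includeSubDomains is not set")
    return findings


# Constructed sample headers, as a post-deployment check might receive them.
SAMPLE_HEADERS = {
    "good": "max-age=63072000; includeSubDomains; preload",
    "short": "max-age=300",
    "missing": None,
}

if __name__ == "__main__":
    print("minimum TLS:", strict_client_context().minimum_version.name)
    for label, value in SAMPLE_HEADERS.items():
        print(label, "->", hsts_findings(value) or "ok")
```

A deployment pipeline would fetch each domain's headers with this context and fail the build on any non-empty findings list; the context also fails the handshake outright if the server still offers only an older protocol version.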
Multi-facility isolation. At the database level itself, each facility sees only its own data: isolation is verified automatically on every deployment, including against privileged accounts. A facility can never reach another's data by mistake.
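What "verified automatically on every deployment, including against privileged accounts" can look like in practice, as an added example that is not Ducal's code: a check that reads the data as every facility and every role, and reports any row owned by another facility. The schema, the role names and the resident rows are constructed, sqlite3 stands in for the production database, and the deliberately leaky reader is there only to show the check catching a privileged-role bypass.

```python
"""Added example (not Ducal's code): automated multi-facility isolation check.
Schema, roles and sample rows are constructed; sqlite3 stands in for the DB."""
import sqlite3

# Constructed sample data: residents belonging to three facilities.
RESIDENTS = [
    (1, "ehpad-a", "Resident A1"),
    (2, "ehpad-a", "Resident A2"),
    (3, "ehpad-b", "Resident B1"),
    (4, "mas-c", "Resident C1"),
]

ROLES = ("caregiver", "director", "admin")  # assumed role names


def open_sample_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE residents ("
        "id INTEGER PRIMARY KEY, facility_id TEXT NOT NULL, name TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO residents VALUES (?, ?, ?)", RESIDENTS)
    return conn


def fetch_residents(conn, facility_id: str, role: str) -> list:
    """Scoped read: the facility filter applies whatever the role is.

    The role may decide which actions are permitted, but never widens the
    scope; that is the property the check below enforces.
    """
    return conn.execute(
        "SELECT id, facility_id, name FROM residents WHERE facility_id = ?",
        (facility_id,),
    ).fetchall()


def fetch_residents_leaky(conn, facility_id: str, role: str) -> list:
    """Deliberately flawed variant: a privileged role bypasses the scope.

    This is exactly the class of defect a per-deployment isolation test
    exists to catch before it reaches production.
    """
    if role == "admin":
        return conn.execute("SELECT id, facility_id, name FROM residents").fetchall()
    return fetch_residents(conn, facility_id, role)


def verify_isolation(conn, reader, roles=ROLES) -> list:
    """Run `reader` for every (facility, role) pair and collect every row that
    belongs to a different facility. An empty list means isolation holds."""
    facilities = [
        row[0] for row in conn.execute("SELECT DISTINCT facility_id FROM residents")
    ]
    violations = []
    for facility in facilities:
        for role in roles:
            for row_id, owner, _name in reader(conn, facility, role):
                if owner != facility:
                    violations.append((facility, role, row_id, owner))
    return violations


if __name__ == "__main__":
    db = open_sample_db()
    print("scoped reader:", verify_isolation(db, fetch_residents) or "no violations")
    print("leaky reader:", verify_isolation(db, fetch_residents_leaky))
```

In a pipeline, a non-empty violations list fails the deployment. Running the check with the privileged role is the important part: it is the role most likely to be granted a bypass "temporarily" and the one an attacker with a stolen credential would most want.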
Detect fast, fix fast, and keep you informed. Our response-time commitments are measurable and enforceable.
Incidents are classified from P1 (critical) to P4 (minor). For a P1 incident, the client is notified within 4 hours. If a data breach is confirmed, the CNIL is notified within 72 hours in line with the GDPR, and every incident is the subject of a documented post-mortem.
Ducal operates within the frameworks required to process health data in France, and commits each compliance point in the contract.
We never speak of "Ségur certification". Our Résident module is built Ségur-native for the medico-social corridor and is within the Wave 2 referencing trajectory. We state precisely where we stand, because trust is built on accurate facts.
Contractually, every project is covered by a Data Processing Agreement (DPA) as standard. Ducal maintains a records-of-processing register, applies privacy by design from the outset, and delivers the full source code to the client. At end of contract, a certified secure deletion is performed and documented.
AI strengthens our security every day. But its scope is strict, and human oversight is systematic.
As a system operating in healthcare, our use of AI falls under the high-risk category within the meaning of the European Artificial Intelligence Regulation (AI Act, EU 2024/1689). That is why human oversight is systematic at every step.
Read our AI usage charter →
A real-world demonstration, answers to your security and compliance requirements, and access to our PSSI within a contractual framework.
What the Health Data Host certification covers, and why it protects your users.
The most demanding ANSSI cloud qualification, and what it means in practice.
An overview of threats and best practices for health and medico-social organisations.
A look back at recent attacks on French facilities and their lessons.
The specific obligations for processing personal health data.
How a facility organises continuity and recovery in the face of a major incident.
Code transparency and auditability: why they strengthen trust.
Data localisation, the Cloud Act, and digital-sovereignty stakes for health.
Let's talk. We'll get back to you within 48 hours with an initial proposal tailored to your needs.
Contact Us →