Djeed · Trust Center

Built to be inspected.

Methodology in public. Provenance on every record. Personal data and customer workspace content held in the European Economic Area and Switzerland. No third-party analytics, no advertising pixels, no cross-site tracking, no behavioural profiling. The operational signals we do keep are the minimum needed to run the service well — and inside DjeedX every customer gets a full audit log of what happens in their own workspace.

This page is the official record of how that works. For contractual terms see Privacy, Terms, and the DPA.

The Djeed promise

Pillar 01

No third-party tracking.

No Google Analytics, no advertising pixels, no session-replay tools, no behavioural profiling. The browser ships with one strictly-necessary auth cookie, one bot-protection cookie, and a first-party theme preference. That's it.

Cookie Policy

Pillar 02

Your data in Switzerland.

Your DjeedX workspace — every record, every audit log, every backup — sits in Geneva, Switzerland, on Infomaniak Public Cloud. The marketing site at djeed.com is a separate surface, served from Cloudflare's European edge under EU jurisdictional residency. Two systems, deliberately separated; one regulatory zone under the EU Adequacy Decision (renewed January 2024).

How the two sides split

Pillar 03

Audit log on every write.

Inside DjeedX every record write is logged with actor, timestamp, IP, and diff. Customers can see their own log, export it for their compliance archive, and revoke sessions or members on demand. The platform sees aggregates, not user clickstreams.

How we audit

Section 01

What we collect, and what we deliberately don't.

Two columns side by side, plain language. The left column lists every signal we collect, where it lives, and how long we keep it. The right column lists categories of data we have decided not to collect.

What we collect

  • Account data: Name, email, OAuth identifier, profile image — held by our identity provider, Clerk (EU residency configured). Retention: For the duration of the account, plus 30 days.
  • Lead-form submissions: Fields you complete on the request or express-interest forms. Stored server-side in encrypted Cloudflare KV. Retention: Up to 24 months, or until conversion to an account.
  • Workspace content (DjeedX): Forms, records, attachments, and audit metadata you create in your DjeedX workspace. Tenant-isolated at the database layer. Retention: Workspace lifetime + 30-day export window after termination.
  • Edge request logs: IP, user-agent, request path, status code, timing. Used for service integrity, platform reliability, and capacity planning under GDPR Art. 6(1)(f). Retention: 30 days, then aggregated.
  • Audit log (DjeedX): Every record create, update, delete, export, and member change. Surfaced back to the workspace admin. Retention: Workspace lifetime — required for compliance.

What we don't collect

  • Mouse-move heatmaps, click-paths, scroll-depth maps, or any DOM-level instrumentation.
  • Session replay — we run no Hotjar, FullStory, LogRocket, Mouseflow, Smartlook, or equivalent.
  • Third-party analytics — no Google Analytics, no Mixpanel, no Amplitude, no Segment, no cross-site tracking IDs.
  • Advertising pixels — no Meta pixel, no LinkedIn Insight, no Google Ads conversion, no TikTok pixel, no retargeting.
  • Browser fingerprinting — no canvas / WebGL / audio-context fingerprint hashes.
  • Email tracking pixels in transactional mail.
  • Behavioural profiling for marketing personalisation, ad targeting, or any non-operational purpose.

The bottom line: Djeed runs no <script> tag that pings a third-party analytics endpoint on either djeed.com or DjeedX. The performance and privacy benefits compound: lighter pages, no consent banner, no third-party contracts to audit.

Section 02

Where your data lives.

Two systems, deliberately separated. Your workspace data — the records you create in DjeedX, the audit log, the backups — sits in Geneva, Switzerland, on Infomaniak Public Cloud. The marketing website at djeed.com is a separate surface that runs on Cloudflare's European edge, with all website-side storage (lead-form submissions, public factory snapshots) under EU jurisdictional residency. Switzerland is covered by the EU Adequacy Decision (renewed January 2024), so the two halves sit in one regulatory zone for transfer purposes.

Side A · your data

DjeedX workspace · Geneva, Switzerland.

Every record you create in DjeedX, every member you invite, every file you upload, every audit-log entry, every backup — all of it lives on Infomaniak Public Cloud in Geneva. The factory that produces base datasets runs on the same Swiss infrastructure. This is where your real data sits.

  • Postgres 16 + PostGIS — workspace records, audit log
  • Neo4j 5 + APOC — graph data, entity relationships
  • Redis — job queue, session cache
  • Object storage (CH) — backups, 30-day rotation
  • Infomaniak hosts the operating system and the network

Side B · the website

djeed.com · Cloudflare, EU jurisdiction.

The marketing site, the public methodology pages, and the lead-capture forms run on Cloudflare Pages at the European edge. Storage on this side is small and operational: aggregate factory stats, lead-form submissions, and rate-limit counters. None of your DjeedX workspace data passes through here.

  • Cloudflare Pages — djeed.com static + edge functions
  • R2 (EU jurisdictional ring, Western Europe) — public factory stats only
  • KV — lead submissions + rate-limit state (globally replicated; Cloudflare KV has no per-namespace residency option)
  • Turnstile + WAF — bot protection, request filtering
  • DjeedX sign-in routes through Cloudflare to the Swiss VM; nothing is stored on this side

                          ┌──────── visitor ────────┐
                          │                          │
                          ▼                          ▼
              ┌── Cloudflare edge (global) ──┐    djeedx.djeed.com sign-in
              │   TLS 1.3 · WAF · Turnstile  │           │
              │   DNS · CDN · Bot mgmt        │          │ (passes through,
              └────────────┬──────────────────┘          │  not stored on CF)
                           │                              │
       SIDE B — website surface (Cloudflare)                │
       ┌─────────────┬──────────────────┐                 │
       ▼             ▼                  ▼                 │
   djeed.com    KV (global)          R2 (EU jurisdiction) │
   Pages        leads + rate-limit   factory stats        │

       SIDE A — your data (Infomaniak Geneva, CH) ◀──────┘
       Infomaniak Public Cloud · Geneva, Switzerland
       ├─ Postgres 16 + PostGIS  (workspace records, audit)
       ├─ Neo4j 5 + APOC         (graph data)
       ├─ Redis                  (job queue)
       ├─ Object storage (CH)    (backups, 30-day rotation)
       └─ Caddy host             (TLS termination)

   Identity:  Clerk (EU residency configured) — clerk.djeed.com

We do not transfer personal data outside the EEA / Switzerland for processing. If that ever changes we will notify users in advance and rely on Standard Contractual Clauses or another lawful transfer mechanism under Chapter V of the GDPR. The full mechanism is documented in Privacy §04.

Section 03

Sub-processors.

The other companies that process personal data on Djeed's behalf, what each one does, and where they sit. Each is bound by a written agreement and processes data only on our documented instructions.

Sub-processor | Role | Region | Status
Cloudflare, Inc. | Website surface only: CDN, DNS, R2 (public factory stats), KV (lead submissions + rate-limit), Turnstile bot protection. Does not process DjeedX workspace data. | Global edge (EU/CH primarily for European visitors); R2 bucket created in the EU jurisdictional ring (Western Europe); KV globally replicated (no per-namespace residency). | Active
Infomaniak Network SA | Your data lives here: compute, managed PostgreSQL, Neo4j, Redis, and CH-resident object storage for DjeedX workspaces + the factory. | Geneva, Switzerland | Active
Clerk, Inc. | Identity, sessions, organisation management | EU residency configured | Active
Neo4j, Inc. | Managed graph database (Aura) — engaged when DjeedX migrates from container Neo4j to managed Aura | EU | Contracted, not yet active
Resend, Inc. | Transactional email — engaged when transactional mail is enabled | EU | Contracted, not yet active
Stripe Payments Europe, Ltd. | Payment processing — engaged when paid plans are activated | EU | Contracted, not yet active

Material changes to the sub-processor list are notified to account holders by email at least 14 days before the change takes effect.

Section 04

Security posture.

The technical and organisational safeguards that are in place today. Items are listed only when they are running in production — items in flight are tracked separately in the strategy document and surface here when they ship.

Encryption in transit

TLS 1.3 on every public endpoint. HSTS preload-eligible. No mixed-content paths.

Encryption at rest

AES-256 for databases, object storage, and backups. Keys managed by the underlying provider; rotation is on the provider's schedule.

Tenant isolation

Inside DjeedX, every workspace has its own row-level security boundary at the Postgres layer. Cross-workspace queries are not possible at the database level.

Audit log

Every record write inside DjeedX is logged with actor, timestamp, IP, and diff. The log is append-only and surfaced back to workspace admins.

Bot protection

Cloudflare Turnstile gates the public lead-form endpoints. Sign-in attempts are throttled by Clerk.

Backups

Daily backups of Postgres and Neo4j, encrypted at rest, with a 30-day rotation window. Stored in Switzerland alongside primary storage. Restore procedure documented and rehearsed.

Dependency scanning

GitHub Dependabot runs on the platform monorepo. The CI build is marked non-deployable when a production dependency has a high-severity advisory.

Least-privilege access

Operator access to production is limited to the founder during the private-beta phase. Cloud credentials are stored in chmod-0600 files on the operator workstation, never in the repo, never in chat.

Section 05

Platform integrity signals.

Operational signals we keep to run the service reliably — focused on the platform itself, not on the visitor as an individual. Categories, sources, and what gets flagged.

Web Application Firewall

Cloudflare WAF

Injection attempts (SQL, command, header), known-bad payloads, request-size anomalies — filtered with Cloudflare's managed ruleset.

Bot management

Cloudflare Bot Score + Turnstile

Automated traffic, scraping behaviour, headless-browser fingerprints. Forms fail closed when Turnstile validation fails.

Rate-limit violations

Cloudflare KV counters + Clerk

Per-IP request floods on /api/leads/* and sign-in. Counters surface to operators; the IP is throttled or blocked at the edge.

Failed-sign-in patterns

Clerk security events

Repeated failed-credential attempts, sign-ins from unusual geographies, OAuth callback anomalies, session-token reuse.

Application-level errors

FastAPI structured logs (DjeedX)

5xx error spikes, slow queries, dramatiq job failures, Postgres connection-pool saturation.

Audit-log anomalies (DjeedX)

Postgres audit_log table

Bulk-delete patterns, export bursts, member-role escalations. Surfaced to the workspace admin in the customer Audit Center (Phase 3) and to operators only on customer report.
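
An added example, not Djeed's code: one way to flag the bulk-delete, export-burst and member-role-escalation patterns named above from audit entries that carry actor, timestamp, IP, and diff. The action names, diff shape, role ranks and thresholds are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds and role ranks; the page does not publish its own values.
WINDOW = timedelta(minutes=5)
BURST_LIMITS = {"delete": 20, "export": 5}
ROLE_RANK = {"viewer": 0, "member": 1, "admin": 2, "owner": 3}


def find_anomalies(entries):
    """Return (kind, actor, timestamp) findings for bursts and role escalations."""
    findings = []
    recent = defaultdict(deque)  # (actor, action) -> timestamps inside WINDOW
    alerted = set()              # bursts already reported and still ongoing
    for e in sorted(entries, key=lambda e: e["timestamp"]):
        actor, action, ts = e["actor"], e["action"], e["timestamp"]
        key = (actor, action)
        if action in BURST_LIMITS:
            q = recent[key]
            q.append(ts)
            while ts - q[0] > WINDOW:  # drop events older than the window
                q.popleft()
            if len(q) < BURST_LIMITS[action]:
                alerted.discard(key)   # burst over; re-arm the alert
            elif key not in alerted:
                alerted.add(key)
                findings.append((f"{action}_burst", actor, ts))
        elif action == "member_change":
            role = e["diff"].get("role")  # assumed diff shape: [before, after]
            if role and ROLE_RANK[role[1]] > ROLE_RANK[role[0]]:
                findings.append(("role_escalation", actor, ts))
    return findings


def sample_log():
    """Constructed sample entries (not real data) using the fields the page lists."""
    t0 = datetime(2025, 1, 1, 9, 0, 0)

    def row(actor, sec, action, diff=None):
        return {"actor": actor, "timestamp": t0 + timedelta(seconds=sec),
                "ip": "192.0.2.10", "action": action, "diff": diff or {}}

    log = [row("alice", 2 * i, "delete") for i in range(25)]   # 25 deletes in under a minute
    log += [row("bob", 600 * i, "export") for i in range(6)]   # exports 10 min apart
    log += [row("carol", 30 + i, "export") for i in range(5)]  # 5 exports within 5 s
    log.append(row("dave", 90, "member_change", {"role": ["member", "admin"]}))
    log.append(row("dave", 95, "member_change", {"role": ["admin", "viewer"]}))
    return log
```

Each burst is reported once, when the threshold is first crossed, and re-arms only after the actor's rate drops back under the limit, so a sustained bulk delete produces a single finding rather than one per row.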

Section 06

Vulnerability disclosure.

We welcome reports from security researchers. If you have found a vulnerability, contact us before disclosing publicly — we acknowledge within 72 hours and will work with you on a co-ordinated timeline.

How to report

Email security@djeed.com.

Include reproduction steps, affected URL or endpoint, the impact you believe the issue has, and any suggested mitigation. PGP available on request.

Machine-readable: see /.well-known/security.txt (RFC 9116).

What we ask

  • No automated scanning that degrades service
  • No social engineering of staff or customers
  • No data exfiltration beyond the minimum needed for proof
  • No public disclosure before we have had time to fix
  • Good-faith research is not pursued legally — see safe-harbour below

Safe harbour: Djeed will not pursue civil or criminal action against security researchers who, in good faith, follow this policy and have not intentionally damaged the service or accessed user data beyond the minimum needed to demonstrate impact.

Section 07

Compliance status.

We name the standards we align to today and the ones we are working toward. Where a certification is not yet held we say so plainly, rather than implying coverage we don't have.

GDPR

Aligned

The Privacy Policy, DPA, and operating practice implement the controller and processor obligations of Regulation (EU) 2016/679. Subject-rights workflow runs through privacy@djeed.com with a 30-day SLA.

Swiss revFADP

Aligned

The Federal Act on Data Protection (revised, in force September 2023) is observed for all Switzerland-resident data. Switzerland is covered by the EU Adequacy Decision (renewed January 2024).

ePrivacy Directive

Aligned

No non-essential cookies, no client-side tracking. Article 5(3) consent is not triggered because there is no storage on or access to user-device data beyond strictly-necessary purposes.

ISO/IEC 27001

Working toward

Annex A self-assessment is on the roadmap post-incorporation. We do not claim certification.

SOC 2

Working toward

Type I readiness assessment planned once the operating entity is incorporated and a multi-engineer team is onboarded. We do not claim certification.

Berkeley Protocol

Methodology-aligned

The Bronze → Silver → Gold pipeline that produces our records is mapped to the Berkeley Protocol on Digital Open Source Investigations — the most rigorous open-source-research standard available. The same chain-of-custody discipline travels across sectors, from a planning team tracking permits across municipalities to a corporate-research team building entity graphs from registries and filings. See the Methodology page.

Section 08

Status and incidents.

Operational status, incident history, and the policy we follow when an incident affects customer data.

Live status

status.djeed.com — coming soon

A public uptime page covering djeed.com, djeedx.djeed.com, and their API endpoints will publish at status.djeed.com. Until it ships, operational issues are posted to the Djeed Beta workspace announcement channel and emailed to affected accounts.

Incident response policy

Notify within 72 hours of confirmed personal-data breach.

For any personal-data breach, we notify the relevant supervisory authority and affected customers within 72 hours of becoming aware, per GDPR Article 33. Post-incident review is published as a public postmortem when remediation is complete.

Talk to a person

Three addresses, one team.

Privacy and data-protection rights: privacy@djeed.com. Vulnerability reports: security@djeed.com. Contractual or commercial questions: legal@djeed.com. We respond within 30 days; usually much sooner.

Living document: The Trust Center reflects the operating practice of the private beta. Sub-processor list, certification status, and incident history are kept current; material changes are notified to account holders by email at least 14 days before they take effect.