One tool, endless possibilities.

• Fully customizable

  Menus, forms, fields, reference data, permissions, emails… every detail can be tailored to your organization.

• Streamlined and controlled user management

  A simplified interface for occasional users, precise access rights — everyone sees only what they need. Self-registration and SSO available to make access even easier.

• Seamless teamwork

  Custom workflows, automatic reminders, targeted notifications, timestamped discussion zones, and full logging — everything is under control.

• Connected to your ecosystem

  Use our APIs to connect your software, users, processors, and more.

• Built-in document management

  Attach any file (PDF, Word, images...) and access everything directly from the records. Even better: each "Attachments" field has its own unique email address — just send a message to upload in one click.

The GDPR register, finally easy to manage.

• A compliant register, in the strict sense of the GDPR

  All required information is included. Each record evolves through versioning; previous versions are archived automatically. Every change is tracked — exactly as a true register demands.

• Smooth entry, reliable data

  Smart alerts detect inconsistencies, customizable reference data, and interactive drag-and-drop components make data entry intuitive, enjoyable, and consistent.

• Visual indicators that highlight what matters

  Color-coded data sensitivity, risk levels before/after measures, record completeness… so you can classify and prioritize at a glance.

• Automated periodic reviews

  Schedule record revalidations at your preferred pace (annually, biennially, etc.). Operational teams are notified right on time.

• Multi-entity: one record, multiple registers

  One record can feed multiple subsidiaries’ registers. Updates apply across all relevant entities — a huge time saver.

• Built-in self-assessments for each processing activity

  Quickly assess six key points: data transfers outside the EU, subcontracting, legal notices, security, retention periods, and sensitive data. A visual summary helps guide your action plans.

Manage your DPIAs as a team, with method and simplicity.

• Built-in DPIA assistance

  From the processing record, a risk criteria summary guides you on whether a DPIA is needed.

• No duplication, no wasted time

  Data from the processing record automatically feeds the DPIA analysis. Save time right from the start.

• Integrated and adaptable CNIL references

  Rely on a recognized base, expandable to fit your business contexts.

• A scenario-based approach

  Confidentiality, integrity, availability: develop multiple scenarios per risk type to anticipate impacts and adjust your measures.

• Facilitated teamwork

  Involving multiple stakeholders in drafting or assessment becomes simple and structured.

• Effective action plans

  Define, track, and implement corrective measures during and after the analysis. Everything remains centralized and traceable.

• Professional report, with one click

  Generate a clear, structured, and visual document anytime, ready to present or archive.

• Simplified and secure signing

  Get your DPIA reports signed remotely, without logging into Provacy, via the secure Provasign interface.

Your security measures, well established and fully tracked.

• Built-in, ready-to-use library

  Benefit from a list of measures inspired by CNIL, with definitions accessible in one click.

• Fully customizable

  Add, modify, and organize your own measures to fit your context.

• Intuitive drag-and-drop input

  Link measures to processing activities and add explanations or comments if needed.

• Applied or recommended?

  Indicate with one click whether a measure is implemented or simply recommended.

• Multi-level association

  Associate your measures with a data controller, a department, a tool, or a third party.

• Automatic inheritance in processing activities

  When a processing activity uses a related object, the corresponding measures are automatically applied. Gain time, consistency, and documentation rigor.

A dedicated register for your subcontracting activities.

• Compliance of processing as a subcontractor

  Processing activities carried out on behalf of your clients are managed with the same features as your main register: official register, versioning, indicators, security measures...

• Clearly identified controllers

  Whether external clients or internal entities, you clearly link them as controllers for each processing activity.

• Contractual clauses with one click

  From each record, generate GDPR-compliant standard clauses. A real asset to reassure your clients.

Responding to data subject requests becomes simple, fast, and controlled.

• Smooth team management

  Centralize all requests in a single module. Assign them to departments with a validation workflow and automatic notifications.

• Fast responses, respecting deadlines

  Use customizable email templates for efficient replies. Automatic alerts help you meet deadlines.

• Guaranteed security and confidentiality

  ID documents are protected with watermarks. Upon archiving, attachments are deleted and data is automatically anonymized.

• Real-time monitoring

  Track progress in a clear and actionable dedicated dashboard.

• Online form connected to Provacy

  From your legal information, add a link to a rights request form with integrated chat. Requests are directly injected into the application with full traceability of exchanges (Tchatch option).

Manage your compliance actions as a team, with method.

• Structured team management

  Plan individual or group tasks with priority handling, shared documents, and reminder emails.

• Clear and dynamic visual tracking

  Activities are listed or displayed in Kanban style, with color indicators to identify urgencies and bottlenecks at a glance.

• Thoughtful access rights

  Each user sees only the actions relevant to them. Everyone stays focused on their scope.

• Connected to your entire compliance ecosystem

  Activities can be linked to processing records, breaches, data subject requests… for cross-functional, traceable, and GDPR-compliant management.

Information notices: ready, adaptable, integrable.

• Ready-to-use CNIL templates

  Choose from 7 templates. The data from the record is automatically inserted — you just need to adjust the text as needed.

• Add your own templates

  Integrate your custom templates to generate notices perfectly tailored to your materials.

Third parties and processors: control your data exchanges.

• A dedicated space for each third party

  Manage your processors and partners in a centralized menu. Assign security measures and monitor their compliance with visual indicators.

• Clear protection level for transfers outside the EU

  The protection level of the third country is displayed automatically to help you manage transfers compliantly.

• Ready-to-use contractual clauses

  Generate standard contracts based on European Commission templates or your own models. Formalize your obligations in just a few clicks.

• Simple audits, always up to date data

  Third parties receive an invitation to complete their questionnaire. For subsequent requests, they simply update their existing answers (Tchatch option).

Data breaches: respond, document, control.

• Comprehensive documentation compliant with GDPR

  Record each breach, link the measures taken, indicate if data subjects were informed, and attach your report to the authority if required.

• Built-in risk assessment

  Self-assess the severity of the incident with visual indicators. Immediate, clear, and traceable decision support.

• Corrective actions at your fingertips

  Associate relevant security measures from your catalog: direct links, quick selection.

• Workflow-driven process

  A structured approval workflow helps you manage breaches as a team, with tracking and traceability of all actions.

Monitoring: making your compliance clear and accessible.

• Dynamic dashboards

  Track compliance by entity, department, or year. Need a specific chart? We’re ready to add it for you.

• Interactive organizational chart

  See your organization as it is: entities, contacts, and number of records. Instantly spot covered areas—and those needing attention.

• Processing activity mapping

  A dynamic tree view lets you visualize and filter records by entity or unit.

Zeus, the AI that guides you through compliance.

See more …

• Immediate regulatory support

  Ask Zeus your questions: it helps you interpret the GDPR and make informed decisions independently.

• Fast and effective co-creation

  Create, analyze, and compare your records with Zeus’s help. It suggests purposes, legal bases, retention periods, security measures… and builds your content ready for validation.

• Contextual answers, always compliant

  Zeus supports you in your environment: it understands the context of each processing activity and proposes tailored action plans or modifications.

• Security, ethics, and traceability guaranteed

  No data is transmitted without consent. All suggestions and changes are logged in a verifiable changelog.

Tchatch – Simplify exchanges, collect the right information.

• Submit a data subject request, effortlessly

  Data subjects submit their requests via a direct link. Tchatch sends the request into Provacy and enables transparent tracking through the chat. A response compliant with GDPR Article 12, without complexity.

• Report a processing activity or a data breach

  Business teams can declare a new processing activity or incident without needing access to the application. The guided questionnaire feeds directly into standardized records in Provacy. The DPO is notified and can communicate with the reporter via chat.

• Audit your subcontractors, fully compliant

  Invite your subcontractors to complete a questionnaire through Tchatch. They access a clear form, communicate if needed via chat, and their responses are directly centralized in Provacy.

Transfers outside the EEA.

• Transfers described without double entry

  Information from processing records automatically feeds the transfer analysis: data, actors, flows.

• Country-specific protection levels integrated

  The protection level of the destination country is displayed automatically to help you assess the necessary safeguards.

• Clear, filterable mapping

  Flows are presented in a concise view, with filters by entity, service, third party, or data category.

• Documented and expandable local legislation

  Legislation from 6 countries (Russia, India, China, Mexico, Turkey, Brazil) is already integrated based on EDPB reports, with room for additions as needed.

Software, tools, and flows.

• An easy-to-build tools repository

  Import your software via a file or enrich the list progressively.

• Inherited security measures

  Associate security measures directly with each tool. They will be automatically applied to the relevant processing records, saving time and ensuring consistent compliance.

• Automated flow mapping

  For each tool, specify whether it sends or receives data. The consolidated flow view and mapping are generated automatically.

Template Records: Save Time, Stay in Control.

• Ready-to-use templates

  The DPO provides standard templates that coordinators can easily adopt. A real time-saver to kickstart or structure the process.

• Perfect for complex organizations

  The same template can be reused across multiple entities or departments, without starting from scratch each time.

Documentation: inform, raise awareness, engage.

• A tailored resource center

  The DPO creates custom documentation pages with text, links, documents, or videos. Everything is structured, accessible, and dynamic.

• Spreading a culture of compliance

  Share your guidelines, promote best practices, and foster a continuous data protection awareness dynamic.

Languages: collaborate without borders.

• An interface available in 8 languages

  Each user works in their preferred language, with no impact on readability for others. Ideal for multinational groups.

• An official register accessible in all languages

  Entered texts can be translated with one click, or automatically overnight via DeepL. A real plus for transparency and international collaboration.

• Notifications adapted to each user

  Each recipient’s language is automatically detected to send emails in the right language. Clearer, smoother, more efficient.

Security and Sovereignty: Provacy Checks All the Boxes.

• Sovereign Hosting and High Availability
  • Primary hosting with IONOS (Germany), ISO 27001, ISO 50001, C5 certified
  • Backup hosting with OVH (France)
  • Hourly backups (48 hours) and daily backups (40 days)
  • Guaranteed availability > 99.9%
  • Data can be exported anytime in Excel, SQL, or JSON formats, with no extra cost

• Enhanced Security at Every Level
  • HTTPS encryption (TLS 1.2/1.3, HSTS, RSA 2048 bits) — Qualys SSL Labs Grade A+
  • Strong authentication (ANSSI-compliant), complex and renewable passwords
  • Strict segregation between client environments (LXD containers)
  • Complete action logging, full traceability
  • Automatic anonymization of deleted accounts
  • Integrated automatic archiving

• Structured and Documented GDPR Compliance
  • Technical documentation, Security Assurance Plan (PAS)
  • Fine-grained access control via roles and scopes
  • Standard contractual clauses provided
  • Secure access from all modern browsers (Chrome, Firefox, Edge 112+, Safari 14.6+)

• Total Reversibility, No Vendor Lock-in
  • Administrators can export their data at any time
  • Standard formats available: Excel, SQL, and JSON
  • No extra cost, no technical dependencies