End-to-end AES-256 encryption, keys held in Switzerland, replicated underground bunker, native nLPD and GDPR compliance. Your data rests in the most rigorous digital vault in Europe: confidentiality, neutrality, stability, discretion.
Your data is encrypted before it leaves your device, stays encrypted on our servers, and is decrypted only on the client side. Even we, as operators, can't read it.
AES-256 GCM on every disk. Each volume block-level encrypted with a unique key. No reading possible if a disk is physically extracted.
TLS 1.3 with ECDHE and forward secrecy. No client/server communication can be observed, even via network interception. Ephemeral keys regenerated each session.
VAULT CUSTOM plans: client-side encryption before send. Your data arrives already unreadable. Only you hold the keys. Absolute confidentiality.
Your cryptographic keys are generated and held inside Hardware Security Modules (HSM) certified FIPS 140-2 level 3, physically sealed in Switzerland. No key ever leaves their enclosure.
You can entrust us with your own cryptographic keys generated by your internal HSM (Thales, Utimaco, Entrust, Microsoft, etc.). We encrypt with them, never holding a persistent copy.
Hold Your Own Key (HYOK) available: keys never leave your infrastructure. AlpiVault encrypts via your HSM in pull mode.
AlpiVault operates inside certified Swiss civilian bunkers originally designed to resist major catastrophes. Climate-controlled rooms with redundant power, biometric access, locally-archived video surveillance.
The same tradition that secured nations' gold now secures your digital twins.
Swiss-incorporated company, operated in Switzerland, billed in CHF. Jurisdiction: Lausanne. Native compliance with the most demanding regulatory frameworks — for clients based anywhere in the world.
| Framework | AlpiVault status | Guarantee |
|---|---|---|
| nLPD (Swiss law) | Native compliance | Federal Act on Data Protection — applies by right. |
| GDPR | Compliant | DPA provided, processing register, DPO reachable, data subject rights guaranteed. |
| ISO 27001 | Aligned | Information security management system — procedural alignment. |
| Sovereignty | 100% Swiss | Company, team, datacenter, bunker, legal, billing: fully in Switzerland. |
| Independent audit | Annual | Penetration tests by trusted Swiss third party, report available under NDA. |
| Reversibility plan | Provided | Your data exits in open formats (JSON, CSV, IFC, PDF, etc.). |
Tier 3 datacenter + certified bunker. Biometric access, 24/7 video surveillance, inert fire detection, security airlocks.
Multi-layer anti-DDoS, strict network segmentation, IP whitelisting, site-to-site VPN, real-time monitoring.
AES-256 at-rest, TLS 1.3 in-transit, BYOK/HYOK available, daily encrypted backups, tested restoration.
SAML/OIDC SSO, MFA mandatory for sensitive roles, fine-grained permissions, complete audit trail, credential rotation.
Native nLPD and GDPR, DPA provided, contractual reversibility plan, processing register, reachable DPO.
Human Swiss support, optional contractual SLA (120 CHF/month), security audit available, business continuity plan ready.
We provide on request: nLPD/GDPR DPA, architecture diagram, annual audit report, business continuity plan, subcontractor registry, compliance attestations.
