Hally-pharma is designed, developed and hosted in France, exclusively on certified infrastructures located on national territory. Your data remains under French and European jurisdiction. All communications with the platform are secured, and the infrastructure is regularly audited by an independent external cybersecurity organization.
In the pharmaceutical industry, data confidentiality and regulatory compliance are not options — they are prerequisites.
Hally-pharma is designed, developed and hosted in France, with no offshore subcontracting anywhere in its production chain. All your project data is stored with OVHcloud, a French operator subject to French and European law (GDPR), across two datacenters located in France: Gravelines (GRA, primary hosting) and Roubaix (RBX, secondary hosting). No transfer to third countries, no dependency on extraterritorial legislation such as the US CLOUD Act.
Hally-pharma is hosted exclusively on certified infrastructures located in France. Your data remains under French and European jurisdiction, protected by TLS 1.2/1.3 encryption in transit and AES-256 at rest. Customer data is strictly isolated through a secure multi-tenant architecture with database-level access controls, and all access is logged for complete traceability. Passwords are subject to a complexity policy and stored in hashed form, never in plain text.
The security of Hally-pharma is assessed by ORHUS Cyber Security, an external and independent cybersecurity firm with no ties to our development team, on the occasion of every major update introducing new features. Each audit combines two complementary approaches: black box (testing with no prior information, simulating an external attacker) and grey box (testing with user accounts provided, simulating an authenticated malicious user).
The latest audit (v1.0 — 05/19/2026) concluded an overall security level of HIGH, close to market best practices, with no vulnerability capable of affecting the confidentiality, integrity, or availability of the application. The ORHUS attestation can be provided upon request.
Beyond hosting and auditing, Hally-pharma is committed to service availability, regulatory compliance, and your ability to retrieve your data at any time.
Redundant architecture (load balancer, synchronous database replication) for a guaranteed 99.5% monthly availability. Automatic daily backups, retained for a rolling 30 days on a site separate from the production site.
Hally-pharma complies with the General Data Protection Regulation (GDPR — EU Regulation 2016/679).
At any time and at the end of the contract, complete export of your data in CSV and/or JSON format within 5 business days, at no extra cost. Upon termination, secure erasure within 30 days (active data and backups), with an erasure certificate available upon request.
Each security commitment translates into verifiable technical and organizational measures.
Your products, processes, and equipment data are exclusively accessible by your organization. Hally-pharma does not exploit, resell, or share them.
By choosing a French host subject only to European law, your data cannot be claimed by foreign authorities based on US extraterritorial legislation.
All access to production data by the Hally-pharma team is logged, timestamped, and auditable. No action is possible outside this tracked perimeter.
The infrastructure is designed for high availability with automatic and regular backups. In the event of an incident, a business continuity plan (BCP) is in place to minimize any disruption.
For your quality or IT teams, the ORHUS Cyber Security attestation for the latest audit can be shared under a confidentiality agreement. Contact us to request it.
Each user accesses only the data their role authorizes them to see. Rights are managed by your administrator, modifiable at any time.
Contact us to obtain our security documentation or arrange a discussion with our technical team.