Skip to main content
Security, compliance and hosting

Specific commitments on hosting, access and data portability.

Tempolia describes the mechanisms actually implemented: data location, backups, account separation, permissions, exports and traceability.

Tempolia team working on security and operations
Verifiable commitments

What Tempolia implements to protect and return data.

These details can be included in an IT questionnaire, vendor assessment or contract review.

Hosting in France

Production environments are hosted in France.

Dedicated database per account

Every Tempolia account uses its own database, separating each organisation's data.

Off-site nightly backup

Data is backed up every night to another server in a different data centre.

Disk redundancy

Disks are mirrored so that an isolated hardware failure does not destroy data.

On-demand backup

The administrator can request an ad hoc backup before an important operation.

Data portability

Data remains the customer's property and can be retrieved through exports or APIs according to the subscribed scope.

Granular permissions and SSO

Access is defined by profile, menu, scope and data type. OAuth2 is available, and SAML is offered with Enterprise.

Traceability

Logins, sensitive actions, approvals, exports and maintenance operations are logged according to their nature.

Continuity and recovery

Back up, verify and restore through a controlled procedure.

The nightly backup is copied to another server. An ad hoc backup can also be triggered from the interface before a significant change.

Loading a backup is a sensitive operation: the scope, date, author and associated checks must be identified. Restore operations are restricted to authorised profiles.

Tempolia does not publish a generic recovery time that is not contractually guaranteed. Any specific RPO, RTO or availability requirements must be agreed with the customer.

Daily backupCopy to another server with historical retention.
Ad hoc copyCan be triggered before an important operation.
Controlled restorationPermissions, reason, date and checks.
Access and confidentiality

Restrict each user to their scope.

Tempolia permissions combine menu access, read or edit level and data scope. They can differ by company, group, staff member, customer or engagement.

Sensitive values such as cost rates, selling prices or margin metrics can be hidden from selected profiles. Authorised managers retain control over configuration.

Custom profilesRead, create, edit and specific actions.
AuthenticationSecure access, OAuth2 and SAML SSO depending on the plan.
LoggingLogins and sensitive operations retained for review.
Tax compliance

Traceability, integrity, retention and archiving.

Tempolia applies security mechanisms to invoices, credit notes, payments, duplicates, exports and technical events. The product is working towards Category C NF525 certification.

Marketing communications must not present Tempolia as certified until the certificate has actually been issued. This page therefore describes the current state of the system, not a certification already obtained.

Issued invoices are kept separate from documents still in preparation. Corrections use documented operations, such as a credit note or reversal, rather than a silent modification of the original document.

Approved documentsIdentification, sequence, signature and integrity control.
DuplicatesTraceability of reissued documents and generated files.
JETLog of sensitive technical events and audit trail.
Tax archivesExtraction, sealing, retention and retrieval.
Data portability and integration

Retrieve data without depending on a single export.

Exports

Extract lists and reports

Views and reports can be exported according to the user's permissions and scope.

OpenAPI API

Access authorised objects

The documented API supports integration of customers, engagements, time, expenses, documents and other data according to the available scope.

Documents

Retrieve invoices and supporting documents

Associated documents can be included in the supported flows, particularly for accounting or archiving.

End of contract

Prepare data return

The format, schedule and expected data must be specified in the portability plan.

Frequently asked questions

Points to review with IT, the DPO or the auditor.

Where is the data hosted?

In France. Nightly backups are copied to another server in a different data centre.

Does the customer retain ownership of its data?

Yes. Data can be retrieved through exports or APIs according to the agreed scope and portability plan.

Is Tempolia already NF525 certified?

The product is working towards NF525 certification. Certification will be mentioned only after the certificate has actually been issued.

Which users can use SSO?

OAuth2 is available. SAML SSO is included in the Enterprise plan.

Ask the Tempolia team to review your requirements.

We answer your security, data portability and compliance questionnaire point by point.