UrbaHiveUrbaHive

    Security of your IT map, built in

    Your IT map contains the detailed blueprint of your IT estate — it deserves more than generic vendor pledges. UrbaHive applies the strictest European-market standards, with hosting in the European Union.

    Hosting and sovereignty

    UrbaHive is hosted on Vercel with deployment in European Union regions (Paris, Frankfurt). No customer data leaves the EU in normal operations. For organizations subject to SecNumCloud or sector-specific requirements (defense, healthcare, public sector), an on-premise option is available on the Enterprise plan.

    Encryption

    • At rest: AES-256 on all storage volumes and databases.
    • In transit: TLS 1.3 enforced on all connections, HSTS enabled.
    • Backups: encrypted, retained 30 days, restore tested monthly.

    Authentication and access

    • SSO: SAML 2.0 and OpenID Connect (Azure AD / Entra ID, Okta, Google Workspace, Keycloak).
    • MFA: native support (TOTP, WebAuthn).
    • Permissions: scoped, customizable roles (read, contribute, approve, admin).
    • Audit log: every action tracked and exportable.

    Compliance

    • GDPR: UrbaHive is compliant. DPA available on request, sub-processors documented.
    • NIS2 / DORA: UrbaHive helps you comply, and is itself held to equivalent security commitments.
    • HDS (French health data hosting): not required today; available on on-prem option for healthcare actors.

    Incident response

    UrbaHive maintains a documented incident response plan with a 72-hour customer notification commitment for any data breach affecting your content. Vulnerabilities can be reported to contact@urbahive.com.

    Testing and audits

    • Annual penetration tests by an external firm.
    • Weekly vulnerability scans (SAST + DAST).
    • Mandatory code review with automated security gates.

    Security FAQ

    Is my data shared with third parties?

    No. UrbaHive does not sell, share, or use any customer data for marketing or AI model training. The full list of our technical sub-processors (hosting, monitoring, support) is documented in the DPA.

    Can I retrieve my data if I cancel?

    Yes, anytime, in Excel, JSON, ArchiMate XML, and SVG formats. After cancellation, your data is retained 30 days then destroyed with attestation.

    Does UrbaHive use AI on my data?

    AI assistance is optional, off by default, and never sends your data to third parties. You stay in full control.

    A specific security question?

    Contact our team