At Julie Desk, we take security very seriously. As such, we have implemented measures to protect your data in compliance with the European GDPR.

For further information on data management, please read our privacy policy.

This page lists the most frequently requested information by our customers. If you do not find the answer to your questions or would like more information, please contact us.

Table of content

    1. Certifications
    2. Datacenters
    3. Supervision Center
    4. Business continuity
    5. Data exchange and encryption
    6. System Security
    7. Updates
    8. Monitoring
    9. Incident Management
    10. Processors
    11. Human Resources Management
    12. Authentication
    13. Audit & Tests
    14. Transparency


The Julie Desk service is currently preparing for ISO 27001 certification.


The data centers used by Julie Desk are managed by a subcontractor.

Certifications Julie Desk servers are hosted on infrastructures complying with international standards ISO 27001, SOC 1 and 2 as well as PCI-DSS level 1.
Redundancy All servers are connected with 2 independent network accesses. Emergency generators provide power in the event of a power outage. The data centers are themselves connected with at least 2 network accesses and 2 power lines.
On-Site Security Badge access, 24/7 video surveillance, smoke detection and 24/7 technical staff.
Localisation Data centers are located in France and are managed by OVH.
Hosting segregation Servers, IP and storage used for hosting the Julie Desk service are dedicated. We use virtualization solutions.
Service Level Agreement (SLA) The contract with our hosting provider includes SLAs that apply from 10 minutes of unavailability. An automatic monitoring system has also been set up to detect incidents and trigger the replacement of faulty resources.

Supervision Center

A supervision center is used to supervise requests sent to the service. This center is managed by a subcontractor.

Dedicated Resources The following resources are dedicated to Julie Desk : room, workstations, network equipment (including firewall), teams.
Physical Access Access to the dedicated room requires biometric access. 24/7 video surveillance is installed.
Logical Restrictions Access is limited to strict supervision needs. Users do not have access to the administrator account on workstations, USB ports are deactivated, external internet access is filtered and access is only granted on internal applications to meeting organization. Access to Julie Desk applications requires the use of a site-to-site VPN accessible only from the dedicated room.

Business continuity

Redundancy Services and physical storages are distributed on several servers in different rooms. A high availability solution is in place to guarantee the continuity of service in the event of a component failure.
Backups Service data is backuped daily, weekly and monthly. The maximum retention period for backups is 1 month.
Continuity plan A continuity plan has been developed to limit recovery time in the event of a major availability incident.
Recovery Point Objective (RPO) 24h.
Recovery Time Objective (RTO) 24h.

Data exchange and encryption

Service Solicitation Meeting requests are sent by email to a generic email address hosted on the Julie Desk’s information system or a dedicated email address hosted on the customer’s information system. The security of these exchanges is the same as a traditional email exchange.
Data Synchronization The system synchronizes itself by downloading emails sent to the service and user’s calendar items by connecting to the customer information systems. This communication is one way. This means communications are only initiated from Julie Desk to the Client. Those communications requires the use of the HTTPS protocol.
Exchanges between servers The system is distributed among several applications and servers. Inter-server data exchanges are encrypted and use SSH, SSL or HTTPS protocols depending on situations.
Storage The service data is encrypted using the AES-256 protocol. Salt and initialization vectors are randomly generated and differ for each entry stored in the database.
Human Supervision Human supervision access requires a VPN access and the use of HTTPS.

System Security

Architecture The service is based on a multi-tier and multi-zone security architecture. Each server is dedicated to a specific task. Inter-zone communications are filtered by firewalls.
Antivirus Antivirus software is deployed throughout the infrastructure.
DDoS Protection A DDoS attack mitigation system is installed.


Applications Applications are developed in-house and are updated via a continuous deployment process (several times a day). Each change is tested (automatically and manually) on an environment different from production before deployment.
Systems Systems are updated at least once a month in normal conditions and as soon as possible in case of publication of critical exploits.


Intrusion Detection Infrastructure logs are sent in real time to a centralized server allowing the Security Incident Event Manager (SIEM) to correlate events and alert security staff.
Exceptions Alerts are generated and sent upon exception occurrence on running applications.
Resources utilization Resource utilization metrics are tracked to predict future system usage.

Incident Management

Detection Alerts and metric tracking have been configured to detect incidents.
Procedure An incident management plan has been prepared.
Notifications The concerned customers shall be notified as soon as possible of the occurrence of any security incident. Notification of data protection authorities has been included in the incident management procedure.


Processor Verification We perform due diligence on processors with whom we work to ensure that they meet our security requirements. This includes certifications verification, compliance with applicable laws (e.g. European GDPR) and security management checks.
Service subcontractors We use subcontractors to provide hosting and human supervision of the meeting scheduling service. Any change of subcontractor used to provide the service is notified to customers.
Other providers
We use other subcontractors, in particular for the management of commercial relations with our customers (such as CRM, ticketing support system, emailing) or security management (external consultants, automated analysis, alerting).

Human Resources Management

Recruitment Procedures for checking candidates’ skills, identity and references have been set up in our recruitment processes.
Working contracts All working contracts include a non-disclosure agreement (NDA).
System Use Charter A charter for the use of computer systems has been put in place.
Internal Awareness Procedures have been put in place to raise security and personal data processing awareness. Initial awareness sessions are given upon employee arrival followed by weekly awareness sessions (5-10 min).


Access User accesses are nominative and personal.
Single-sign on (SSO) A SSO system has been deployed for internal applications.
2-factor We use 2-factor authentication for internal applications and systems (VPN with personal certificate and One Time Password).
Passwords We do not allow passwords less than 8 characters long and all passwords must contain at least 3 of the following: number, lower case, upper case, special characters.
Principle of least privileges The principle of least privileges is applied. Access is given to those who need it and only to those who need it.
Access termination Accesses of employees leaving the company are revoked as soon as they leave. When an employee’s job/position changes, accesses that are no longer required are revoked.

Audit & tests

User Access Review Every 3 months.
Vulnerability Test Every 3 months or when major system changes occur.
Backup Test Every 3 months.
Continuity Plan Test Every year.
Incident Plan Test Every year.


Reporting and documentation We can provide additional documentation on our processes and security management. This communication may require the signature of a non-disclosure agreement (NDA). Contact us for more information.
Large companies Security Questionnaires We can fill in specific security questionnaires in the case of large account integration. A dedicated security contact is then assigned. Contact us for more information.
Audit The service is auditable by its customers. Contact us for more information.

For further information, please refer to the following ressources : Terms & ConditionsConfidentiality policy and our cookies policy.