Security & GDPR

GDPR-by-default, not as an add-on.

PASSIVE status by default, sensitive data encrypted, French Scaleway hosting, on-demand export.

PASSIVE status by default

Member profiles are visible in the directory but expose no contact button until the member explicitly opts in. No silent enrollment.

Phones encrypted (pgcrypto)

Sensitive contact data is encrypted at rest in PostgreSQL via pgcrypto. It is never returned in public responses and is decrypted only after a match has been accepted.

CSV export in two clicks

Members export their data anytime, no support ticket required. Your members stay your members.

Scaleway France hosting

All data is hosted in certified French datacenters. No transfer outside the EU, GDPR Article 44 compliant.

Strict roles and permissions

Four roles: super-admin, tenant admin, member, guest. The role carried in the signed JWT is double-checked against the database on every request (anti-escalation). No latent privileges.

Full audit log

Every sensitive action (role change, deletion, export) is journaled and auditable from the tenant back-office.
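An added illustration of the two mechanisms above (the role claim signed into the JWT and double-checked at the database, and the audit journal for rejected or denied actions). This is example code, not ONOTAI's own implementation: it replaces python-jose with a standard-library HS256 signer so it runs offline, and the users table, role ranking, role names and audit event names are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed sample: stand-in for the tenant users table (hypothetical rows).
USERS_TABLE = {
    "u-100": {"tenant_id": "t-1", "role": "member"},
    "u-200": {"tenant_id": "t-1", "role": "tenant_admin"},
}

# Assumed ordering of the four roles named on the page, lowest to highest.
ROLE_RANK = {"guest": 0, "member": 1, "tenant_admin": 2, "super_admin": 3}

# Sample HMAC key for the demo only; a real deployment loads it from a secret store.
SECRET = b"constructed-demo-secret"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(claims: dict, key: bytes = SECRET) -> str:
    """Minimal HS256 JWT signer (stands in for python-jose in this example)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def issue_token(sub: str, tenant_id: str, role: str, ttl_seconds: int = 3600, key: bytes = SECRET) -> str:
    """Issue a short-lived token carrying the subject, tenant and role claims."""
    return sign_token({"sub": sub, "tenant_id": tenant_id, "role": role, "exp": time.time() + ttl_seconds}, key)


def verify_token(token: str, key: bytes = SECRET) -> Optional[dict]:
    """Return the claims if the signature, algorithm and expiry are valid, else None."""
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        return None
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":  # refuse alg=none and friends
        return None
    claims = json.loads(_b64url_decode(payload))
    if claims.get("exp", 0) < time.time():
        return None
    return claims


def authorize(token: str, required_role: str, users=USERS_TABLE, audit: Optional[list] = None) -> bool:
    """Signed-claim check, then database double-check, then role comparison.

    Every rejection or denial is appended to `audit`, the in-memory stand-in
    for the audit journal, so the back-office can see who tried what.
    """
    audit = audit if audit is not None else []
    claims = verify_token(token)
    if claims is None:
        audit.append({"event": "auth.reject", "reason": "bad_signature_or_expired"})
        return False
    row = users.get(claims.get("sub"))
    # Double-check: the role and tenant in the token must match the current database row.
    # A token issued before a demotion (or with a tampered payload) fails here.
    if row is None or row["role"] != claims.get("role") or row["tenant_id"] != claims.get("tenant_id"):
        audit.append({"event": "auth.reject", "reason": "claim_mismatch",
                      "sub": claims.get("sub"), "claimed_role": claims.get("role")})
        return False
    if ROLE_RANK[row["role"]] < ROLE_RANK[required_role]:
        audit.append({"event": "auth.deny", "reason": "insufficient_role",
                      "sub": claims["sub"], "required": required_role})
        return False
    return True
```

The database lookup is what makes a role change take effect immediately: a member token that still says `tenant_admin` after a demotion passes the signature check but fails the row comparison, and the failed attempt lands in the journal.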

Tech stack

Built on solid, proven components, not a no-code mash-up.

Everything under the hood is in plain sight. If you leave ONOTAI, the concepts come with you.

  • Frontend Next.js 16 + React 19
  • Backend FastAPI (Python)
  • PostgreSQL 16 (pgcrypto)
  • Hosted on Scaleway France
  • Signed JWT (python-jose + bcrypt)
  • Stripe billing