
Your Data.
Your Jurisdiction.

Nessa deploys on EU infrastructure with full GDPR compliance.
Your pharmaceutical data never leaves the European Union.

GDPR Compliant • EU Data Residency • Schrems II Safe • AES-256-GCM • No CLOUD Act • DPA Included

EU Infrastructure

Hosted on OVH Cloud in France

Your pharmaceutical data is hosted exclusively on OVH Cloud infrastructure in France. OVH is a European-owned cloud provider subject only to EU law, with no exposure to US surveillance frameworks.

🇫🇷
Strasbourg, France
OVH Cloud SAS
European-owned • EU jurisdiction only
🔒

Zero US Access

OVH is a French corporation. US CLOUD Act, FISA Section 702, and Executive Order 12333 do not apply. No US entity can compel data disclosure.


EU-Only Data Path

All data transit stays within EU networks. No transatlantic routing. DNS, CDN, and backup infrastructure are all EU-located.

🛡

Physical Security

ISO 27001 certified data centers with biometric access, 24/7 surveillance, redundant power, and on-site security personnel.

99.99% SLA

Enterprise-grade uptime with geo-redundant backups across multiple EU availability zones. DR failover within 15 minutes.

Regulatory Compliance

Full EU data protection compliance

Nessa is architected to meet the strictest interpretation of EU data protection law, including post-Schrems II requirements for cross-border pharmaceutical data.

📜
GDPR Articles 44-49
No cross-border transfers to inadequate jurisdictions. All processing occurs within the EU/EEA. Standard Contractual Clauses are not needed because data never leaves the EU/EEA.
Chapter V GDPR
Schrems II Compliance
Following the CJEU ruling (C-311/18), transfers to the US require supplementary measures. Nessa eliminates this risk entirely by keeping all data in the EU under EU-only jurisdiction.
CJEU C-311/18
🛡
No CLOUD Act Exposure
The US CLOUD Act compels US companies to disclose data regardless of storage location. OVH is French. Clinivion processes data only on EU infrastructure. No US jurisdiction applies.
18 U.S.C. 2713
👤
Data Subject Rights
Full support for right to access (Art. 15), right to rectification (Art. 16), right to erasure (Art. 17), right to portability (Art. 20), and right to object (Art. 21).
Articles 15-21 GDPR
📋
Data Processing Agreement
Comprehensive DPA included with every contract. Covers sub-processor lists, breach notification (72-hour), DPIA support, and DPO access. No additional negotiation required.
Article 28 GDPR
🏥
EMA Compliance
Nessa meets European Medicines Agency requirements for electronic records and data integrity in pharmaceutical development, including Annex 11 and Chapter 4 compliance.
EMA Annex 11

Security Features

Enterprise-grade encryption and controls

🔐
Encryption at Rest
All pharmaceutical data is encrypted at rest using AES-256-GCM with unique per-record keys. Key management uses hardware security modules within EU data centers. Zero plaintext at rest, ever.
AES-256-GCM • Per-record keys • HSM-backed
🔒
Data Residency Controls
Administrative controls ensure data is created, processed, stored, and backed up exclusively within your chosen jurisdiction. Geo-fencing prevents accidental data migration.
Geo-fencing • Jurisdiction-locked storage • Audit trail
🗑
Right to Erasure
Cryptographic erasure ensures complete data destruction on request. When a data subject exercises their Article 17 rights, we destroy the encryption keys, rendering data permanently irrecoverable.
Cryptographic erasure • Verification certificate • 72-hour SLA
📑
DPA Included
Every Nessa EU deployment includes a pre-negotiated Data Processing Agreement compliant with Article 28 GDPR. Sub-processor list, breach notification procedures, and audit rights are standard.
Article 28 compliant • Sub-processor list • Audit rights

International Pricing

Sovereign deployment tiers

Premium pricing reflects the cost of dedicated EU infrastructure, jurisdiction-specific compliance, and localized support teams.

European Union
🇪🇺
EU Sovereign
$200K
per year • enterprise license
  • OVH Cloud France hosting
  • Full GDPR compliance suite
  • Schrems II compliant architecture
  • DPA and sub-processor management
  • EU-based support team (CET hours)
  • EMA Annex 11 validation package
  • Annual compliance audit included
  • 72-hour breach notification SLA
Switzerland
🇨🇭
Swiss Sovereign
$250K
per year • enterprise license
  • Swiss data center hosting
  • nFADP (new Federal Act on Data Protection)
  • Swissmedic compliance ready
  • Banking-grade data confidentiality
  • Swiss-based support team (CET hours)
  • Swissmedic validation package
  • Annual compliance audit included
  • FDPIC breach notification support

Compliance Certifications

Trusted by regulated industries

📜
GDPR
🏥
EMA Annex 11
🔒
ISO 27001
Schrems II
🛡
FDA 21 CFR 11
📋
ALCOA+

Deploy in your jurisdiction

Contact our EU deployment team to discuss sovereign hosting options, compliance requirements, and custom infrastructure configurations for your organization.
