
Data and privacy

Where your data is stored, what is encrypted, and how Le Bureau handles privacy.

Overview

Le Bureau hosts everything on dedicated infrastructure in France, encrypts sensitive information at rest and in transit, and isolates every desktop in its own virtual machine.

Where your data is stored

All Le Bureau infrastructure runs on dedicated servers located in France (EU). Your desktops, files, database records, and backups never leave European soil. Your data is therefore subject to EU data protection laws, including GDPR.

We do not use shared cloud providers for compute. Every desktop VM runs on our own hardware -- not on AWS, GCP, or Azure.

What is encrypted

API keys and provider configuration

When you add your AI provider API key (Anthropic, OpenAI, or OpenRouter), it is encrypted at rest in our database before being passed to your VM. The key is only decrypted when your desktop boots and needs to connect to your provider.

Cookies

All authentication cookies use the __Secure- or __Host- prefix, are marked httpOnly and secure, and use sameSite=lax. They are only transmitted over HTTPS, cannot be read by JavaScript, and are protected against cross-site request forgery.
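To check these attributes yourself from the Set-Cookie response headers, the following added example (not Le Bureau's own code) audits each header against the policy stated above, including the extra browser rules for __Host- cookies (Path=/ and no Domain). The cookie names, values and the example.test domain are constructed for illustration.

```python
# Added example: audits Set-Cookie header values against the attributes described above.

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {attribute: value}), attribute names lowercased."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs

def audit_cookie(header):
    """Return a list of findings; an empty list means the cookie matches the stated policy."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if not name.startswith(("__Secure-", "__Host-")):
        findings.append("name lacks __Secure- or __Host- prefix")
    if "secure" not in attrs:
        findings.append("missing Secure")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    if attrs.get("samesite", "").lower() != "lax":
        findings.append("SameSite is not Lax")
    if name.startswith("__Host-"):
        # Browsers reject __Host- cookies unless Path=/ and there is no Domain attribute.
        if attrs.get("path") != "/":
            findings.append("__Host- requires Path=/")
        if "domain" in attrs:
            findings.append("__Host- forbids Domain")
    return findings

# Constructed sample headers (names, values and domain are illustrative only).
SAMPLES = [
    "__Host-session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "__Secure-refresh=def456; Domain=example.test; Path=/; Secure; HttpOnly; SameSite=Lax",
    "__Host-session=abc123; Domain=example.test; Path=/app; Secure; SameSite=None",
    "session=abc123; Path=/; HttpOnly",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header.split("=", 1)[0], audit_cookie(header) or "ok")
```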

Data in transit

All connections between your browser and Le Bureau use HTTPS (TLS). WebSocket connections for terminal and VNC are also encrypted. There are no unencrypted endpoints.

VM isolation

Every desktop is a separate virtual machine with its own CPU and RAM allocation, dedicated virtual disk, and isolated network interface. VMs cannot communicate with each other.

This is not container-level isolation. Each desktop is a full virtual machine with its own kernel, so users are separated at the hardware level.

What we do not access

  • We do not read your files or monitor your desktop activity.
  • We do not log your AI conversations or agent commands.
  • We do not share your data with third parties.
  • We do not use your data for training AI models.

The only data we collect is what's necessary to operate the platform: your account information (email, OAuth ID), desktop metadata (status, resource usage), and billing records.

Data deletion

You can delete any desktop at any time from your dashboard. This permanently removes the VM and all associated data. If you want to delete your entire account and all associated data, contact us at contact@talentai.fr. See our GDPR policy for details on your data rights.