Encryption - Authentication - Hosting
Update - Owasp
At Objectory, we know that what you entrust to us has a value that goes well beyond simple digital data. Behind each recorded object is a story, a memory, sometimes even a part of your heritage. That's why the protection of your information is at the very heart of our philosophy.
From the very first line of code, security was built into Objectory's design. We made the choice to adopt the best industry standards and to work with partners renowned for their high standards of confidentiality and cybersecurity. Here is, in all transparency, what we have put in place to ensure that your data is in good hands: yours.
The first guarantee is the full encryption of your data. This means that all the information you save in Objectory — whether it's photos, certificates, invoices, or personal notes — is protected at every stage of its life.
When your data travels between your device and our servers, it is protected by TLS 1.2 or 1.3, the same protocols used by big banks and financial institutions. This system prevents any interception or reading of your data by a third party.
When stored, your data is protected by AES-256 encryption, considered to be the most robust standard currently available. This encryption acts like a digital safe: even if a physical medium (such as a hard drive) were stolen, it would be impossible to extract your data without the corresponding key.
But we go even further: each user has their own personal encryption key, generated randomly and protected by their password. This key is used to encrypt and decrypt data, and only you can use it. In other words, even our technical team has no way of accessing your information. Only you have the key to open your personal space. It is this approach that makes Objectory a truly private and secure solution.
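A sketch of how a per-user key protected by a password can work, as an added example that is not Objectory's code. The KDF (scrypt), the cipher mode (AES-256-GCM) and every function name here are assumptions; the page itself states only AES-256 and a random per-user key.

```javascript
const nodeCrypto = require('node:crypto');

// Assumed for illustration: scrypt as the KDF, AES-256-GCM as the mode.
const SCRYPT = { N: 16384, r: 8, p: 1 };

function seal(key, plaintext, aad) {
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit nonce per encryption
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function unseal(key, box, aad) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAAD(aad);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws on wrong key or tampering
}

const kek = (password, salt) => nodeCrypto.scryptSync(password, salt, 32, SCRYPT);

// Enrolment: the random data key is stored only in wrapped form, bound to the user id.
function enroll(userId, password) {
  const dataKey = nodeCrypto.randomBytes(32);
  const salt = nodeCrypto.randomBytes(16);
  const wrapped = seal(kek(password, salt), dataKey, Buffer.from(userId));
  return { record: { userId, salt, wrapped }, dataKey };
}

// Login: only the correct password unwraps the data key.
function unlock(record, password) {
  return unseal(kek(password, record.salt), record.wrapped, Buffer.from(record.userId));
}

// Password change re-wraps the same data key; stored items are not re-encrypted.
function changePassword(record, oldPassword, newPassword) {
  const dataKey = unlock(record, oldPassword);
  const salt = nodeCrypto.randomBytes(16);
  const wrapped = seal(kek(newPassword, salt), dataKey, Buffer.from(record.userId));
  return { userId: record.userId, salt, wrapped };
}

function demo() {
  const { record, dataKey } = enroll(nodeCrypto.randomUUID(), 'constructed passphrase');
  const item = seal(dataKey, Buffer.from('invoice #1 (constructed)'), Buffer.from('item'));
  const rotated = changePassword(record, 'constructed passphrase', 'new passphrase');
  return unseal(unlock(rotated, 'new passphrase'), item, Buffer.from('item')).toString();
}
```

In this sketch the server side would hold only `record` (user id, salt and wrapped key), so nothing it stores can decrypt an item without the password. The same property means a lost password leaves the data key unrecoverable unless a separate recovery mechanism exists.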
For a system to be secure, it is not enough to protect data: it is also necessary to secure access.
At Objectory, each user has a unique, randomly generated identifier (UUID v4), which does not contain any personal information. So even our databases do not store directly identifying data.
Access to your account is through two-factor authentication (2FA) combining a password and a validation code received by email or via an authentication application. This double check blocks any unauthorized login attempts, even if your password is compromised.
We have also integrated an automatic disconnection system: after five minutes of inactivity, a message is displayed to warn you that the session is about to expire. Without action on your part, it is automatically closed. It is a discreet but essential safeguard, especially if you're using the app on a shared or business device.
Finally, for certain sensitive actions — such as exporting your data — an additional check is required: a new authentication is required before any extraction.
And to protect your visual data, screenshots are disabled in the application: no one can save or share the information displayed on the screen by mistake.
Because data localization is a crucial part of trust, Objectory is hosted by Infomaniak, a Swiss provider recognized for the quality of its infrastructure and its commitment to European digital sovereignty.
Objectory servers are isolated within a Kubernetes environment, on a secure private network, which only the backend of the application can access. Internal communications between servers are protected by a VPN and are never exposed to the Internet.
All databases are automatically backed up every day. These backups, which are also encrypted, are stored on redundant servers within Infomaniak's infrastructure, guaranteeing both the security and the durability of your data, even in the event of a major technical incident.
This hosting in Switzerland is not a trivial choice: it is part of a legal framework renowned for its confidentiality requirements. Swiss data protection laws offer a level of rigor equivalent to, or even higher than, that of the European GDPR.
Security is not a fixed state: it is a continuous process.
Regular audits are planned on all software dependencies used in Objectory, both on the frontend (via npm audit and yarn audit) and on the backend (based on Django, a framework renowned for its robustness and one of the most used and controlled in the world).
We consistently apply security updates as soon as they are released and only use open-source libraries under the MIT license or equivalent, guaranteeing their transparency and reliability.
To prevent classic attacks, our system relies on an ORM that neutralizes the risks of SQL injection, one of the most prevalent threats on the web. We also set up role-based access control: each action in the application is subject to a specific authorization, verified at several levels by the backend.
The files (images, certificates, documents, etc.) are only accessible via our servers, which systematically check the access rights and require the decryption key to view the file. So even if a link was intercepted, it would be completely unusable.
Finally, the code of the final version of the application is obfuscated before publication. This makes it extremely complex to read or modify and prevents any attempt at reverse engineering.
All of Objectory was designed in accordance with the recommendations of the OWASP Top 10, the global reference in web application security.
These standards cover the main risks identified (injections, authentication breaches, data leaks, etc.) and serve as the basis for all our internal audits. This approach allows us to maintain a level of security that is both technically solid and able to evolve over time, integrating the future requirements of the sector starting today.
Objectory is not only an application for managing valuables: it is a personal digital safe, designed to protect what matters most. Each feature, each technical decision is based on a fundamental principle: you are the only one in control of your data. We don't resell any information, we don't share anything with third parties, and we can't access your content.
Our role is limited to providing a reliable, efficient and highly secure platform, so you can manage your items, valuables, and memories with confidence. Security is not a marketing argument: it is a promise that we keep every day.