European hosting, European data: why it matters
Questions of hosting and data jurisdiction sound technical. Yet they have a very concrete effect on what can, or cannot, be done with your information.
- A question that goes beyond the technical
- Special categories, reinforced level
- Not a medical file, but sensitive all the same
- Three concrete differences tied to jurisdiction
- A standard, not a promise
- Beyond borders
- GDPR, the short version
- Ordinary data
- Special categories
- The technical choices of a European host
- Beyond hosting
- A guarantee that does not depend on the provider
- A guarantee that applies to future changes
- Why the server matters as much as the code
- Why regular auditing matters
- A guarantee that follows the user
- An overall coherence
- For coherent protection
A question that goes beyond the technical
When we speak of personal functioning, of adaptation needs, of soothing routines, we are speaking of special categories within the meaning of the European regulation. The expected level of protection is higher than for ordinary data.
Where this information lives determines what can be applied to it.
The geography of the servers is not a matter of display, it is a legal matter. It directly conditions the legal framework that applies to the data.
Special categories, reinforced level
The GDPR distinguishes ordinary data (name, address, date of birth) from special categories (health, disability, sex life, political opinions, etc.).
For the latter, explicit consent and a clear purpose are mandatory.
Not a medical file, but sensitive all the same
myHandiQR is not a medical file. It is a tool for inclusive expression.
But the information it contains falls under special categories as soon as it touches on a way of functioning, on adaptation needs, on a way of life.
Three concrete differences tied to jurisdiction
The applicable jurisdiction
Data hosted in Europe falls under European law, and only under it, in the normal course of its processing. No non-European legislation can impose direct access to the data.
Access by authorities
The conditions for access by third-party authorities are strictly framed, unlike what can exist in other jurisdictions where local laws allow near-automatic access on simple request.
Commercial use
The commercial use of special categories of data is forbidden without explicit and specific consent. On myHandiQR, it simply does not take place: the business model rests on the subscription, not on monetising data.
A standard, not a promise
Compliance with the GDPR is not a marketing argument. It is a legal obligation, whose breach exposes the platform to penalties.
That is why the European regulation is cited as a guarantee: it does not depend on the publisher's goodwill, it is imposed on them. The profile holder is protected by an external framework, on which the publisher is itself dependent.
This external protection matters especially when you entrust a tool with information you would not want to find anywhere else.
Beyond borders
The profile holder can live outside Europe and use the tool.
The reader can scan from anywhere, with no change.
It is the data, not the users, that is European.
GDPR, the short version
The General Data Protection Regulation came into force in May 2018 across the entire European Union. It sets a common framework for the collection, storage and processing of personal data, and imposes obligations on any actor who handles it.
For the user, the GDPR translates concretely into several rights: being informed of the collection, accessing your data, requesting its correction, requesting its erasure, objecting to certain processing. These rights are not optional, they are enforceable against any platform that offers a service to European users.
For myHandiQR, this framework is structuring. It guides the design of the product from the outset, not as a layer added after the fact. Data protection is part of the architecture, on the same footing as the sharing feature.
Ordinary data
Name, address, email, phone number: these are personal data, but ordinary.
Their processing is regulated, but does not require a separate explicit consent.
Special categories
Health, disability, opinion, intimate private life: these are special categories.
Their processing requires explicit consent, and a clearly defined purpose.
The technical choices of a European host
Choosing a European host is not just a geographical decision. It is a legal decision that determines which laws apply to the servers where your data lives.
European hosts are subject to regular audits, to security certifications, and to notification obligations in the event of an incident. They are also required to be transparent about any subcontractors and about data transfers to third countries.
For data as sensitive as that of the profile, this level of requirement is not a comfort, it is a necessity. It guarantees that European legal protections apply fully, with no possible exception through non-European legislation.
Beyond hosting
Hosting is only one aspect of data protection.
The choices around encryption, authentication, backup and access management matter as much as the location of the servers.
A guarantee that does not depend on the provider
The GDPR applies to the provider, regardless of its will.
For the user, it is a reliable external framework, one that does not depend on a company's internal culture.
A guarantee that applies to future changes
If the platform one day changes owner, business model or direction, the GDPR will continue to apply.
The protections already granted to users cannot be reduced unilaterally.
Why the server matters as much as the code
A well-designed platform with a problematic host remains exposed to risk.
Conversely, an exemplary host with a poorly designed platform does not provide the full guarantee. Both levels matter.
Why regular auditing matters
Data security is not a fixed state. It is verified through regular audits, penetration tests, and vulnerability analyses.
These checks, even though they remain invisible to users, are an essential part of the system.
A guarantee that follows the user
Whether the user is in France, Germany, or elsewhere in Europe, the protection guarantee applies in the same way. The legal framework is unified at the level of the Union, which ensures a consistent experience across member countries.
For users outside Europe (who can create a profile using myHandiQR from abroad), data protection remains the same, because it is attached to the servers and not to the user's nationality. The data is managed under the European regime, regardless of the place of use.
This extraterritorial reach of the GDPR is a particularity of European law, and one of the elements that make this framework attractive to international users concerned about the protection of their data.
An overall coherence
Data protection by myHandiQR does not rest on a single element, but on the consistency of a set of choices: European host, GDPR compliance, business model without advertising, separation of QR code and data, granular access, immediate revocation, retention during subscription pauses. Each of these choices reinforces the others, and together they form a system.
This consistency is not an accumulation of ticked boxes. It reflects a product orientation: making the protection of users a structuring dimension, not an added layer. This orientation is reflected in all decisions, from the most visible (encryption, passwords) to the most invisible (choice of subprocessors, training of internal teams).
For users, this consistency is verified over time. Year after year, the product's evolutions follow the same logic: more control for the creator, more transparency about uses, more simplicity in data management procedures.
It is this continuity that distinguishes a platform structurally oriented toward the protection of users from a platform that would have simply met the minimum requirements of the GDPR. For data as sensitive as that of the profile, this difference matters a great deal.
For coherent protection
Sharing information about sensitive subjects is not meant to be one more task in an already busy life. It is meant to free up space for the rest, by avoiding pointless repetition, avoidable misunderstandings and explanations given at the wrong moment. It is this logic of saving effort, extended over time, that makes the QR code a tool useful in daily life rather than one more administrative formality.
Over time, regular users of the tool report a concrete improvement in their experience in contexts where communication used to be an obstacle. This improvement, modest taken on its own, becomes significant when it adds up across dozens of situations a year.