100% EU Stack · SOC2 Type II · ISO 27001
Security & Compliance
100% EU stack, certified, GDPR-native — zero compromises on compliance
DPA ready to sign. Compliance audit included.
Nos engagements
GDPR native
100% consent-based intent data, zero-party cookies, DPA provided to every client, DPIA available on request.
- ✓Intent data with explicit user consent
- ✓Zero third-party cookies without consent
- ✓Data Processing Agreement (DPA) systematically provided
- ✓DPIA (Data Protection Impact Assessment) available
- ✓Opt-out respected within 24h guaranteed
Certified stack
Infrastructure and components certified SOC2 Type II and ISO 27001. Exclusive sovereign European hosting.
- ✓Partner infrastructure certified SOC2 Type II
- ✓Hosting certified ISO 27001
- ✓Data hosted exclusively within the European Union
- ✓Physical access to EU datacenters only
- ✓Annual security audit by independent third party
Zero legal risk
Official APIs only, zero scraping, full anti-spam compliance, opt-out respected.
- ✓Official APIs exclusively (zero scraping)
- ✓CAN-SPAM and French anti-spam law compliance
- ✓Opt-outs deleted within 24h guaranteed
- ✓No purchase of unconsented email lists
- ✓Full audit logs and complete traceability
Certifications de notre stack
| Composant | Description | Hébergement | Certifications |
|---|---|---|---|
| Intent Data | EU intent data source | EU — Finland | GDPR ISO 27001 |
| Enrichment | EU enrichment engine | EU — France | GDPR SOC2 |
| Visitor identification | EU visitor identification | EU — Finland/Germany | GDPR ISO 27001 |
| Orchestration | Self-hosted orchestration | EU — France | Sovereign |
| Tracking | Cookie-free proprietary EU tracking | EU — France | Sovereign |
DYG n'est pas directement certifié SOC2/ISO 27001. Notre stack et infrastructure le sont. Documentation complète disponible sur demande.
GDPR and B2B prospecting — what the law says
GDPR regulates B2B commercial prospecting differently from B2C. In B2B, email prospecting without prior consent is permitted provided that the message is relevant to the recipient's professional role and that the right to opt out is respected.
Concretely, GDPR imposes three obligations for commercial prospecting:
Prior information
The recipient must know how their data was collected and how to remove it. Every DYG sequence includes these required disclosures.
Right to opt out
A working unsubscribe link must appear in every email. Our system handles removal requests automatically.
Message relevance
Content must relate to the contact's professional function. That is exactly what our intent data-based ABM approach guarantees.
Your data protected at every step of the prospecting process
Effective B2B prospecting does not require invading your targets' privacy. Our approach rests on three principles that make prospecting both high-performing and fully compliant.
Account-level data
Intent data identifies companies, not individuals. Tracking happens at the account level, not via personal cookies. You target the right organisations without tracking people.
Consent-based sources
Our EU intent data source (Finland) collects data from editorial partners whose readers have consented to data sharing. No scraping. No rogue collection. Every signal is traceable and auditable.
Compliant B2B enrichment
Our EU enrichment engine (France) provides compliant B2B professional contact data. Public data, official APIs, continuous updates. The tool respects the legal framework for B2B email prospecting.
Prospect without legal risk — GDPR-compliant digital prospecting
US sales intelligence platforms (Bombora, 6sense, ZoomInfo, Apollo) transfer your data outside the European Union. Since the CJEU Schrems II ruling, those transfers are legally fragile. Our digital prospecting runs on a 100% European stack: intent data in Finland, enrichment and tracking in France, self-hosted orchestration on a sovereign EU certified host. No data ever transits through the United States.
Our stance: compliance is not a brake on commercial prospecting, it is a competitive advantage. Companies that respect the rules build more trust and achieve better response rates.
A sales stack validated by IT departments
Every component of our commercial tooling is certified and audited. No promises: verifiable certifications carried by our partners.
SOC2 Type II
Audit of systems and processes security. Controls validated by an independent third party. SOC2-certified partners: EU intent data source, EU visitor identification, EU enrichment engine.
ISO 27001
Information security management. International standard for data protection. Required by mid-market and enterprise accounts. ISO 27001-certified partners.
DPA provided
Data Processing Agreement ready to sign. Standard GDPR clauses, documented subprocessors, detailed technical measures. Your DPO can validate with full transparency.
Zero scraping
No LinkedIn scraping, no web scraping. Official APIs only (Google Custom Search, public APIs) and consent-based data sources. Clean sales tracking.
GDPR compliance built in, not bolted on
A modern sales stack must integrate GDPR compliance by design. At DYG, every component has been selected to combine performance with data responsibility. Pharos is the technical cornerstone: cookie-free anonymous visitor identification detection, proprietary self-hosted tracking on a sovereign EU certified host, with zero personal data collected.
Result: a commercial stack that generates pipeline without legal risk.
Centralised sales tracking
All interactions — emails, web visits, intent signals — are centralised in your CRM. Sales tracking happens in one tool, with full traceability and an auditable history.
Integrated commercial stack
No juggling between 10 tools. Our stack integrates detection, enrichment, sequences and reporting. One flow, one data policy, one compliance framework to manage.