Orbifs is an EU-hosted project file system. Your project data is stored on European infrastructure, operated by a single European cloud provider, and governed under EU/EEA data-protection law. Here is precisely what that means — and, just as importantly, what we do not claim.
Orbifs is a European-hosted, EU-governed project file system. Customer file data is stored in France (EU) on European cloud infrastructure. The provider, Archi Systems AS, is established in Norway, within the EEA, and applies the GDPR. We do not market Orbifs as a “fully sovereign cloud” unless and until a complete, verified sovereignty package supports that claim.
We use deliberately accurate language. “Sovereign cloud” is not a single feature — it can involve data location, metadata, logs, backups, encryption keys, support access, subprocessors, contracts, legal jurisdiction and operational governance. We describe each of these honestly rather than reduce them to a slogan.
Under the current architecture, no customer project data is stored outside the EU. That includes:
| Storage | Detail |
|---|---|
| Region | Paris, France (EU) |
| Provider | A European cloud provider — named in our subprocessor list, on request |
| Resilience | Replicated across multiple data centres for durability |
| Protection | Encryption at rest; immutable, tamper-resistant versions |
| Data transfer | No data-transfer fees for customers |
Because Norway is part of the EEA, Archi Systems AS is itself subject to the GDPR — and hosting customer data in France (EU) involves no transfer of personal data outside the EEA.
| Item | Detail |
|---|---|
| Legal entity | Archi Systems AS |
| Company registration | Norwegian org. no. 916 683 332 |
| Registered address | Gustav Vigelands Vei 36, Oslo, Norway |
| Jurisdiction | Norway — a member of the EEA, applying the GDPR |
| Brand / service | Orbifs (orbifs.eu) |
| Sales model | Sold directly by Archi Systems AS — no resellers in the data path |
A subprocessor is a third party that processes customer data on our behalf. We keep this list small and EU-based wherever practical, and share the full named list on request and in our DPA.
| Subprocessor | Purpose | Location |
|---|---|---|
| European cloud provider | Hosting, storage and infrastructure for all customer data | France (EU) |
| Payment provider | Billing and payment processing — account/billing data only, never project files | EU |
| Email service to be confirmed | Support correspondence only; not in the project-data path | EU/EEA preferred |
If any operational vendor is located outside the EEA, we document the transfer mechanism (such as Standard Contractual Clauses) and assess it before use. No such transfer is planned for customer project data, which stays on European cloud infrastructure in France. Any vendor that processes personal data is added to the published list, with purpose and location, and customers are notified of material changes.
You control who in your organisation can reach projects, through user accounts, roles and permissions in the Orbifs admin console. Guest and client access can be granted and revoked per project, so external partners only ever see what you share with them.
We do not call Orbifs a “fully sovereign cloud.” That term carries specific expectations across keys, support access, contracts and jurisdiction that we are still finalising. When the complete, verified package is in place, we’ll say so — and not before.
We’ll provide the Data Residency Statement, our DPA and subprocessor list, and answer your security questionnaire from a maintained answer bank.