
Digital Sovereignty & Data Residency

Mercure is built and operated by a French company on European infrastructure. This page summarises the facts you need to evaluate Mercure for regulated, sovereign, or sensitive workloads.

Dunglas Services SAS is a French société par actions simplifiée with its registered office in France. It is subject exclusively to French and European Union law. The supervisory authority for data protection is the French CNIL.

Where Mercure Cloud runs

| Component | Location | Provider |
|---|---|---|
| Hubs and application servers | Amsterdam, Netherlands | DigitalOcean (US-headquartered, EU region) |
| Database and cache | Amsterdam, Netherlands | DigitalOcean managed services |
| Encrypted nightly backups | Paris, France | AWS (Amazon Web Services EMEA SARL, Luxembourg) |
| Authentication | EU region | Auth0 by Okta |
| Payments | Ireland (EU) | Stripe Payments Europe Ltd |

Primary processing happens entirely in the EU. We never see card numbers, which Stripe holds in its PCI-compliant environment; Stripe and Auth0 may involve incidental third-country processing for cardholder verification or support access, governed by Standard Contractual Clauses. See the Privacy Policy for the full transfer model.

Self-hosting for full control

Mercure is MIT-licensed open source, so any team that needs full infrastructure control can run it themselves:

  • Open source Hub. A single Go binary, official Docker image, and Helm chart on Artifact Hub. Run it on any cloud, any region, on-premises, or air-gapped.

  • Mercure Enterprise. A hardened distribution with SLAs, long-term support, advanced cluster mode, and the same self-hostable footprint. Deploy it inside your sovereign cloud, on bare metal, or in a private Kubernetes cluster.

Self-hosted deployments share no data with us. You are the sole controller of the data your Hub processes.

Security posture

  • State-of-the-art TLS via Caddy, with automatic certificate management, HTTP/2 and HTTP/3 by default.

  • Optional end-to-end encryption of update payloads with JWE.

  • JWT-based authorization with topic selectors for fine-grained access control.

  • Rootless-compatible Docker images to fit hardened Pod Security Standards.

  • Hardened Helm chart shipping NetworkPolicy and CiliumNetworkPolicy templates, pod-level security context, no CPU limits to avoid CFS throttling, and seccomp/runtime defaults.

  • Automated security review. Dependency scanning and vulnerability alerts run on every commit on both the open source Hub and the SaaS infrastructure.

  • Auditable code base. The protocol is an open IETF-style spec; the reference implementation is public.

For details, see the Security Policy.

Export classification

Mercure is EAR99 (No License Required, NLR) under the U.S. Export Administration Regulations. The Mercure Hub is open source software, distributed under the MIT license, and ships no controlled cryptography beyond standard TLS. It is not on the Commerce Control List and is not subject to U.S. export licensing for routine commercial distribution.

This classification is provided in good faith, as a French company exporting French-origin open source software, to help customers in regulated sectors (defense-adjacent, healthcare, finance) document their supply chain. Final classification under your jurisdiction is your responsibility.

Data Processing Agreement

If you process personal data through Mercure Cloud, we offer a standard GDPR Article 28 DPA at /legal/dpa.

Contact

For sovereignty, compliance, or procurement questions, email contact@mercure.rocks.