LEXPAT ConnectLEXPATConnect
FREN

Security & compliance

How LEXPAT Connect separates professional matching from legal processing

An architecture designed to protect data, clarify roles and secure the path between matching and legal support.

Block 1Public front-end

A single entry point

LEXPAT Connect brings initial forms and user journeys together in one clear, matching-focused interface.

Employer CTAs
Worker CTAs
Simple forms
Single entry point

Block 2100% European infrastructure

Data hosted in France and Europe

All platform infrastructure is hosted in Europe. Providers have been verified and GDPR agreements signed.

Supabase — Paris (eu-west-3) ✅
Vercel — Paris (cdg1) ✅
Resend — Ireland, SOC 2 ✅
DPA signed with each provider ✅
RLS enabled on all tables ✅
Secret keys in Vercel only ✅

Block 3Matching engine

Business rules and compatibility

The platform compares employer needs and worker profiles without exposing identifying information too early.

Compatibility score
Occupation matching
Languages and mobility
Single permit priority

Block 4Introductions

Progressive and framed contact

The platform first limits exposure, then frames what is shared according to the actual stage of the relationship between employer and worker.

Match validation
Limited data sharing
Progressive exposure
GDPR minimization

Block 5LEXPAT law firm — separate legal relay

A distinct legal perimeter

When a recruitment moves toward a single permit or an economic immigration issue, the LEXPAT law firm intervenes in a separate legal framework.

Single permit
Economic immigration
Case follow-up
Dedicated infrastructure
Professional secrecy
Separate data controller

Clear GDPR separation

Legal processing operates in a perimeter distinct from the matching platform, with professional secrecy, dedicated infrastructure and its own legal basis. This page presents the intended operating model and core principles, but does not replace the detailed legal documents.

Benefits

Why this architecture protects both employers and workers

The platform limits transfers, separates roles and only activates the law firm when a relationship moves toward a real recruitment process.

1

Data hosted in France (Paris) — Supabase eu-west-3 & Vercel cdg1

2

DPA signed with Supabase, Resend and Anthropic

3

Personal data protected by RLS on all tables

4

No personal data transmitted to AI models (Claude, OpenAI)

5

Matching before identity disclosure

6

LEXPAT legal relay activated only when needed

Report a bug