YOUR DATA, OUR RESPONSIBILITY
When you connect your bank accounts to Defacto, your data remains yours. Our access is strictly read-only: we do not carry out any transactions or make any changes.
Your information is used solely to assess your financing capacity and offer you tailored solutions, in full compliance with regulatory requirements. No data is shared with third parties without your explicit consent.

Certification: Proven security
The technical infrastructure, applications, and systems of Defacto are certified ISO 27001:2022 for their information security management system by Accorp Partners Cert Inc. This internationally recognized certification means we apply a rigorous framework for risk management, continuous auditing, and data protection — verified by an independent external organization.

Trust Center
Visit our Trust Center to review our certifications, security policies, and audit reports.

Your rights, our obligations
The General Data Protection Regulation (GDPR) strictly governs how we process your information. Please review our Privacy Policy for more details.

A secure bank connection
The European PSD2 directive (Payment Services Directive 2) establishes the strictest security standards for sharing banking data.
- Your banking credentials are end-to-end encrypted.
- We never have access to your passwords in plain text.
- No transactions can be carried out from our platform.
This approach ensures a higher level of security than sending bank documents by email, while also being faster.

Authorized and supervised by the ACPR
Defacto is a financial institution authorized by the ACPR (Autorité de Contrôle Prudentiel et de Résolution), the authority that supervises banks and credit institutions in France. This authorization is not a formality: it imposes stringent standards in terms of:
- Risk management
- Data protection
- Governance and internal controls
- Regulatory capital and financial soundness
As a result, Defacto is a regulated, supervised player, subject to the same requirements as a traditional bank (with added agility).

Secure and resilient infrastructure
Beyond regulatory compliance, Defacto invests heavily in operational security:
- End-to-end encryption for all sensitive data.
- Hosting on tier-1 cloud infrastructure (AWS) with geographic redundancy.
- Regular penetration testing by external security firms.
- Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP).
- 24/7 system monitoring and automated alerts.
Our uptime: 99.995% over the past 12 months.

A question about security?
We are available to answer any questions regarding the security of your data or our regulatory compliance. At Defacto, transparency is not optional.