Free tool
SaaS FR/EU compliance checklist
25 points to launch a compliant SaaS in France and Europe: GDPR, e-invoicing (Factur-X), legal notices, VAT and hosting. Get it by email and tick it off online.
GDPR and personal data
- Up-to-date record of processing activities
- Legal basis identified for each processing
- Accessible, up-to-date privacy policy
- CNIL-compliant cookie banner
- Data subject rights operational
- Data processing agreement (DPA) signed with every provider
- Retention periods defined and enforced
- Breach notification procedure within 72h
E-invoicing (2026-2027 reform)
- Invoices in a structured format
- Connection to an approved e-invoicing platform (PDP)
- Mandatory details present on every invoice
- Legal archiving of invoices (10 years)
- e-reporting planned for the relevant transactions
Legal notices and contracts
- Complete legal notices
- Up-to-date, accessible T&Cs
- Clear pre-contractual information
- Explicit cancellation terms
Payments and VAT
- VAT applied based on the customer's location
- PCI-DSS compliance delegated to the payment provider
- Payment methods suited to the target market
Hosting and security
- EU hosting or framed transfer safeguards
- Regular backups and a tested restore plan
- Encryption in transit (HTTPS) and hashed passwords
- 2FA on administrator accounts
- Logging and monitoring in place
This checklist is informational and does not constitute legal advice. For your specific situation, consult a professional (lawyer, accountant, DPO).
HeartCo already ticks off a good chunk of this list
The Factur-X module, GDPR, French legal pages and SEPA payments ship with the boilerplate. You start compliant, you customize the rest.
Explore the boilerplate