Aller au contenu principal
Free tool

SaaS FR/EU compliance checklist

25 points to launch a compliant SaaS in France and Europe: GDPR, e-invoicing (Factur-X), legal notices, VAT and hosting. Get it by email and tick it off online.

GDPR and personal data

  • Up-to-date record of processing activities
  • Legal basis identified for each processing
  • Accessible, up-to-date privacy policy
  • CNIL-compliant cookie banner
  • Data subject rights operational
  • Data processing agreement (DPA) signed with every provider
  • Retention periods defined and enforced
  • Breach notification procedure within 72h

E-invoicing (2026-2027 reform)

  • Invoices in a structured format
  • Connection to an approved e-invoicing platform (PDP)
  • Mandatory details present on every invoice
  • Legal archiving of invoices (10 years)
  • e-reporting planned for the relevant transactions

Legal notices and contracts

  • Complete legal notices
  • Up-to-date, accessible T&Cs
  • Clear pre-contractual information
  • Explicit cancellation terms

Payments and VAT

  • VAT applied based on the customer's location
  • PCI-DSS compliance delegated to the payment provider
  • Payment methods suited to the target market

Hosting and security

  • EU hosting or framed transfer safeguards
  • Regular backups and a tested restore plan
  • Encryption in transit (HTTPS) and hashed passwords
  • 2FA on administrator accounts
  • Logging and monitoring in place

This checklist is informational and does not constitute legal advice. For your specific situation, consult a professional (lawyer, accountant, DPO).

HeartCo already ticks off a good chunk of this list

The Factur-X module, GDPR, French legal pages and SEPA payments ship with the boilerplate. You start compliant, you customize the rest.

Explore the boilerplate
SaaS FR/EU compliance checklist (GDPR + Factur-X) — free | HeartCo