In January 2026, after four years of collaboration, we made our partnership with Luxgap official. The rationale is not commercial: it is about guaranteeing our clients that they can use our tools with complete confidence, their compliance and security verified by a specialised firm.

How it began

Luxapps publishes platforms — starting with its SIRH — and delivers custom development, including AI projects. One thing quickly became clear: a well-built product is not enough, especially when it handles data as sensitive as payroll. You also have to prove it stays compliant with GDPR, NIS 2 and the AI Act throughout its life cycle. That guarantee requires a DPO and a CISO, not just developers.

Luxgap, a Luxembourg firm specialising in data privacy and cybersecurity, brought exactly that regulatory and offensive expertise. For four years we worked together, project after project. Formalising the partnership happened naturally.

What it changes for our clients

In practice, our clients have nothing extra to do: compliance and security are built into the tool they already use.

  • Tools designed to be compliant by default, audited regularly by Luxgap.
  • Security verified continuously: code reviews, penetration testing, monitoring.
  • Sovereign hosting and data minimisation, particularly for payroll processing.
  • A firm able to attest compliance to their own auditors or to the CNPD.

"When a client entrusts us with their payroll, they entrust us with their employees' most sensitive data. Our duty is that they never have to worry about its security or its compliance."

Luxapps team

Why this partnership

A software publisher can write clean code. Guaranteeing that a tool stays compliant with GDPR, NIS 2 and the AI Act throughout its life requires a different kind of expertise — all the more so when it distributes payslips and payroll information. That is precisely what Luxgap brings to our products and our development.

  • Our products — starting with the Luxapps SIRH and payroll distribution — are designed and audited with Luxgap, compliance and security built in from the outset.
  • Our custom development, AI projects in particular, goes through the same filter: impact assessment, data minimisation, sovereign hosting.
  • Luxgap brings the regulatory expertise (GDPR, NIS 2, AI Act, DORA) and offensive security (pentests, monitoring); Luxapps brings the product and the engineering.

The client gets a complete chain: a tool designed to be compliant, and a firm able to attest to it.

What's next?

Compliance is not a fixed state. Regulations evolve — NIS 2, AI Act, DORA — and our products with them: every change is reviewed with Luxgap before deployment, with no action required from our clients.

We are also strengthening continuous control: regular penetration testing, monitoring, and automation of compliance checks directly within our platforms.

The priority remains the most sensitive processing, starting with payroll, where the smallest data leak would have direct consequences for our clients' employees.
