Independently verified · Quarterly re-audit
EU VETTED

Lucca

VERIFIED
HR & people · France
Founded 2002 · lucca.fr ↗

French sovereign-cloud HR platform (Nantes / Paris, est. 2002); SecNumCloud + ISO 27001; 1M+ users incl. AXA, Deezer.

Why this score?

Lucca (Nantes / Paris, France; founded 2002, 20+ years operational) is one of the very few procurement-grade HR platforms in this catalogue holding SecNumCloud (ANSSI France) certification alongside ISO 27001 and Qualiopi. It has 1M+ users, including Deezer, AXA and Pernod Ricard, and no US-VC ownership has been identified. It scores a full 5/5, with the cleanest French sovereign-cloud story in HR.

SCORE: 5.0/5
CLOUD ACT
OWNERSHIP
SUB-PROCS: not disclosed
OVERVIEW

About Lucca

**Lucca** (Nantes and Paris, France, founded 2002) is a 20-year-old French HR-tech vendor with arguably the cleanest sovereignty profile in this catalogue's HR set: **SecNumCloud** (ANSSI France's sovereign-cloud certification, required for French government and OIV/OSE contracts), **ISO 27001** and **Qualiopi**. The modular product covers payroll (Pagga), time and absences (Timmi), talent and performance (Poplee), compensation, and expenses (Cleemy), and has 1M+ users including enterprise clients like AXA, Deezer, and Pernod Ricard. **No US VC ownership** has been identified, and the company's trajectory has been mostly profitable and bootstrapped. For French and European procurement audiences with a strict CLOUD-Act preference, this is a flagship pick.
SUB-PROCESSORS

Sub-processor map · not disclosed

Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
CERTIFICATIONS

Frameworks & certifications

ISO/IEC 27001 ACTIVE
SecNumCloud ACTIVE
FEATURES

Capability matrix

INTEGRATION & ACCESS
REST API Yes
SSO (SAML / OIDC) Yes
COMPLIANCE & GOVERNANCE
Audit log Yes
Self-host / on-prem option No
PRICING

Pricing & tiers

PAID
Custom pricing

Contact vendor for tier or volume pricing.

PUBLIC DOCUMENTS

Public documents

DPA accessibility is not scored for this listing. Self-hosted or local software, vendors that are not data processors, and products carrying a SecNumCloud, EUCS or BSI C5 certification are not assessed on DPA accessibility — see How we score.
  • Data Processing Addendum (DPA) — not assessed (n/a)
  • Sub-processors list — missing
ALTERNATIVES

Alternatives in this category