Trust at a glance
The controls described below are implemented and internally tested. Where something is self-attested rather than independently audited, we say so. We do not hold SOC 2 or ISO/IEC 27001 certification and have not published an independent penetration test. The full picture is in the assurance status at the foot of this page.
Data handling
Where your data lives
Your account and governance data is stored in Cloudflare D1 (a SQLite database), with the primary database located in the EU, Amsterdam region. Short-lived items (rate-limit counters, cached briefings, bug-report screenshots) use Cloudflare KV, and static assets are served from Cloudflare's edge; these run on Cloudflare's global network and are not pinned to a single region. Assessment data also lives in your browser's localStorage for offline access. When the app runs an AI workflow, the relevant text is processed by Anthropic outside the EU (see Providers).
What we store
- Your email address and profile (role, organisation, sector)
- Assessment scores and evidence status
- AI-generated artifacts (decision records, meeting briefs, vendor reviews, and similar)
- Governance-relevant text extracted from documents you upload
- Chat session metadata and usage counters
- An audit log of governance actions
- Product usage events from a fixed, allowlisted set (such as a page visit, demo start, sign-up, completing an index, checkout steps, and feedback): a session-scoped anonymous id before sign-in, your account id after sign-in, kept 24 months, used only to improve the product
- If you keep the optional weekly intelligence digest on: a first-party open pixel and click tokens on that email, with one-click unsubscribe (disclosed in the Privacy Policy)
What we do NOT store
- Your uploaded files (text is extracted, then the file itself is discarded)
- Passwords (we use passwordless email verification)
- Payment card details (handled entirely by Stripe)
- Browsing history, third-party analytics, or advertising trackers. First-party measurement only, with no third-party analytics service of any kind
Data deletion
You can delete your account and all associated data at any time from the app's security settings. Deletion covers every table that holds your data (profile, assessments, artifacts, evidence, actions, chats, documents, audit log, billing records, and more — enforced by a test that fails if any user-scoped table is ever missed). When you delete an uploaded document, the governance text extracted from it is removed with it.
Two honest caveats, because "instantly and everywhere" would not be true: short-lived cached copies (Cloudflare KV) and routine point-in-time database backups expire on their own schedule rather than the moment you press delete (cached items within 90 days, backups within 30 days), and anonymous analytics rows that were never linked to your account are cleared on a rolling 24-month basis.
Data export
You can export your account and workspace data (GDPR Art. 15 and 20) as a JSON file from the app's security settings: profile, assessments, artifacts, evidence, actions, chat sessions, documents and their extracted text, usage, product events, and the audit log. Short-lived cached items, such as bug-report screenshots, are not included in the export.
Providers and data flow
The app relies on a small set of external services. This is everything that receives data, what it receives, and whether it may use it for model training.
| Provider | Role | What it receives | Training use |
|---|---|---|---|
| Cloudflare | Hosting, database (EU/Amsterdam), edge network | Account and workspace data | N/A |
| Anthropic (Claude) | AI model inference | Your prompt plus the relevant workspace context for the task (e.g. saved memory, claims extracted from your documents, briefings) | Not used to train models; not retained after the response (Zero-Data-Retention arrangement) |
| Resend | Transactional email (login codes, notifications) | Your email address and the message content | N/A |
| Stripe | Subscription billing (web) | Billing and customer identifiers (card data is handled by Stripe, never by us) | N/A |
| RevenueCat | Apple In-App Purchase management (iOS app) | A subscriber identifier tied to your account and your subscription status | N/A |
| Apple | App Store In-App Purchase processing (iOS app) | Payment and subscription data (handled by Apple; card data never reaches us) | Per Apple's terms |
| Tavily | Public-source web research, only when you request it | A company name, a public website URL, and jurisdiction. Never your workspace content | Per Tavily's terms |
| GLEIF | Legal-entity register lookup | A company legal name only (public register) | N/A |
| Google (Sheets) | Contact / interest form intake, where configured | What you type into the public contact form | Per Google's terms |
| cdnjs (Cloudflare) | Serves one client-side library (html2canvas) for PNG export | None (a static script, integrity-pinned) | N/A |
Security
Authentication
- Passwordless 6-digit email verification codes
- Codes generated with cryptographic randomness (Web Crypto API)
- Codes expire after 10 minutes, with a maximum of 5 attempts per code
- IP-based rate limiting on verification (20 attempts per hour)
- JWT sessions signed with HMAC-SHA256; one functional cookie, set HttpOnly, Secure, SameSite=Lax
Infrastructure
- Cloudflare Pages Static assets served from the global CDN
- Cloudflare Workers Server-side logic at the edge
- Cloudflare D1 Database access uses parameterized queries to reduce SQL-injection risk
- HTTPS enforced (HSTS 2 years, includeSubDomains, preload)
- Security headers: CSP, X-Frame-Options, X-Content-Type-Options, COOP, CORP, Referrer-Policy, Permissions-Policy
AI security
- Prompt-injection detection (pattern matching plus a refusal policy)
- Client-supplied and retrieved content is marked as untrusted in the system prompt
- Input sanitisation: HTML stripping, null-byte removal, message-length caps
- Your content is not used to train AI models, and under our Anthropic Zero-Data-Retention (ZDR) arrangement it is not retained by Anthropic after the response is returned
These controls reduce risk; they do not make the application free of vulnerabilities, and prompt-injection risk cannot be eliminated entirely. Sensitive outputs should be reviewed before reliance.
AI output governance
We advise professionals on defensibility, and we hold our own outputs to the same standard.
What the AI does
- Generates governance advice, meeting preparation, vendor analysis, evidence checklists, and decision support
- Distinguishes between facts, assumptions, inferences, and validation needs
- Marks vendor claims as unverified until evidenced
- Produces role-specific output adapted to CTO, CISO, CDO, DPO, CFO, EA, Procurement, and Legal responsibilities
What the AI does NOT do
- Does not provide legal advice or formal compliance certification
- Does not approve, certify, or guarantee anything
- Does not browse the live web during a chat. Current awareness comes from a weekly curated intelligence harvest and from research you explicitly request (public-evidence scan, meeting preparation), always with sources listed for your validation
- Does not replace professional judgment, auditors, or legal counsel
Quality controls
- Quality gate Advisory outputs (chat, generated artifacts, reports, and meeting preparation) are screened server-side for overclaim language, unqualified regulatory claims, missing confidence markers, and missing accountability handoff
- Flagged, not blocked A flagged output is still delivered, carrying a visible "needs review before reliance" caution. We surface the concern rather than silently rewrite or withhold the answer
- Confidence marking On high-stakes outputs, material claims are classified as fact, assumption, inference, or validation-needed
- Forbidden language Overclaim words such as "fully compliant," "guaranteed," "audit-proof," and "zero risk" trigger a review flag
- Low-temperature generation Regulatory content is generated with reduced model randomness for consistency
- Source awareness The AI states when it cannot verify current information
The deterministic screen runs on the advisory paths above; the intelligence-harvest and public-research paths rely on doctrine instructions in the prompt rather than the same server-side gate. The screen reduces overclaiming; it does not make model output infallible.
Output versioning
Every AI-generated artifact is saved with its generation date, source workflow, doctrine version, model version, and framework version, so you can trace why a specific recommendation was produced. The current framework, doctrine, and model versions are listed on the changelog.
Responsible AI statement
The AI Control Index uses Anthropic's Claude API. We selected Claude for its instruction-following reliability, its refusal behaviour on harmful requests, and Anthropic's commitment to AI-safety research.
- Model: Anthropic Claude, the latest and most appropriate model for each task
- Training: your content is not used to train any model, under Anthropic's API terms
- Retention: under our Anthropic Zero-Data-Retention (ZDR) arrangement, your content is not retained by Anthropic after the response is returned
- Apparens remains responsible for the product-level controls: prompt architecture, output qualification, user warnings, and provider governance
For the news intelligence brief, the Public Evidence Brief, and meeting preparation, the app researches the web via Tavily (search, content extraction, site crawl, deep research) and the free GLEIF legal-entity register, and it fetches the company's own public website. These services receive company names, public website URLs, and (for meeting preparation) the meeting subject only. They do not receive your identity, your messages, the names of meeting attendees, your concerns, or your assessment data. Every evidence brief carries a source ledger showing which services contributed, so you can inspect and validate the work.
The sources these research paths draw on are public: regulator and government publications, company websites, legal-entity registers, and published news. Where the collected material relates to an identifiable organisation or person, it is processed on the basis of the legitimate interest of you and your organisation in preparing an evidence-based governance position, and it is stored in your workspace under the same retention rules as the rest of your data: it is deleted when you delete the brief or your account, and it is never used to train models. If you believe a brief contains public information about you that should not be there, contact office@apparens.nl.
Environmental disclosure
AI inference consumes compute energy. The app displays session-level environmental figures; these are indicative estimates based on usage and model assumptions, not direct measurements. We use efficient prompting practices (task-specific token budgets) to reduce unnecessary compute.
Product scope and known limitations
We would rather you trust us because we are honest about the edges than because we hid them. Here is a direct account of what the AI Control Index can and cannot do.
What happens to the company data you bring
The app is designed so you can work with real, company-sensitive material, subject to your own data-minimisation and internal-policy judgement. Here is exactly what happens to it.
- Documents you upload: the text is extracted for analysis, then the file itself is discarded. We do not keep your uploaded files.
- What we keep: the extracted, governance-relevant text and the artifacts you generate, stored in your private account (Cloudflare D1, EU/Amsterdam, served over HTTPS).
- AI processing: your inputs go to Anthropic's Claude API to produce a response; under our Zero-Data-Retention arrangement they are not retained by Anthropic after the response, and are not used to train any model.
- No tracking of your content: your governance material is never shared with advertising or third-party analytics services. Product-usage measurement is first-party only and covers a fixed, allowlisted set of events, never the content of your work.
- Your control: you can export everything and delete everything at any time from the app's security settings (see Data deletion and Data export above for the precise scope).
1. Advisory, not certification
The AI Control Index provides governance decision support. It does not certify, audit, attest, or legally validate anything. Its outputs are starting points for your professional judgment, not endpoints. You should not present them as formal audit findings, legal opinions, compliance certifications, or regulatory attestations.
2. The evidence brief may be incomplete
The Public Evidence Brief gathers information from publicly available sources. Coverage depends on what is publicly accessible; some organisations or AI systems have limited public information; sources may be out of date; and regional or language-specific sources may be underrepresented. Research that you explicitly request produces an AI-assembled report from the public record, labelled as such, with its cited sources listed for you to check.
The brief never fills gaps with guesses. Claims that cannot be confirmed from the collected evidence are marked as requiring validation, and every brief carries a source ledger showing which sources contributed and which did not. The app should not infer that something is absent merely because it was not found. Always verify critical findings through your own channels.
3. Document analysis extracts, it does not validate
When you upload a document, the app extracts governance-relevant information. It does not verify that the claims in the document are true, check the legal validity of contract terms, confirm the regulatory compliance of described practices, or guarantee that the extraction is complete. The analysis highlights what the document says, not whether what it says is correct.
4. Evidence status is not evidence quality
The app can record whether evidence has been identified, supplied, reviewed, found incomplete, marked not applicable, or assigned for follow-up. A status label does not establish the reliability, authenticity, completeness, or operating effectiveness of that evidence. For a material decision, consider provenance, date, scope, ownership, independence, version, and test method. A checked control should never be treated as sufficient evidence simply because it looks complete in the app.
5. Framework alignment does not equal compliance
The app maps concepts and controls to recognised laws, standards, and governance frameworks. A mapping indicates conceptual relevance. It does not prove full conformity, certification readiness, implementation effectiveness, regulatory acceptance, or coverage of every applicable requirement. Use mappings to support analysis and traceability, not as automatic claims of compliance.
6. AI outputs need human review
All AI-generated content, including advisor responses, reports, and evidence summaries, is produced by language models. These outputs may contain errors, may miss context specific to your situation, and may not reflect the most recent regulatory developments. They should be reviewed by a qualified professional before you act on them, and anything flagged "validation needed" deserves particular attention.
What we do about it: advisory outputs pass the server-side quality screen described above, and a response that fails a reliance-relevant check is delivered with a visible "needs review before reliance" caution. This reduces, but does not remove, the need for your review.
7. Export formats
You can export to Word (.docx), PDF (via the print dialog), Markdown, JSON, CSV, and HTML. PowerPoint (.pptx) is not yet available. Format availability depends on your plan; current details are shown in the app and on the pricing page.
8. Individual use, not an enterprise system of record
The AI Control Index is a personal professional workspace. There is no shared workspace, collaborative editing, role-based access within an account, or organisation-level administration; each account is individual. It is also not a replacement for a GRC system of record, an audit-management platform, a regulatory filing system, or an evidence repository. Outputs can be transferred into your organisation's approved systems; the app is for structured reasoning and preparation, not the authoritative record.
9. No continuous monitoring
The app supports point-in-time governance work. It does not continuously monitor AI systems, send alerts when conditions change, track compliance drift over time, or provide real-time dashboards. Use it at a governance moment (a procurement decision, an architecture review, a policy review, a risk assessment), not as a standing watch. Establishing ongoing monitoring and escalation remains your responsibility.
10. Not a replacement for legal, audit, or compliance functions
To be explicit: the AI Control Index is not, and does not replace, a qualified legal advisor, a certified auditor, a compliance management system, or a regulatory filing tool. It helps you think through governance questions with evidence. The decisions, and their consequences, remain yours.
Assurance status
Trust should be inspectable. This is the current status of each claim, including what is not yet independently verified.
| Data export | Available |
|---|---|
| Account deletion | Available |
| Passwordless authentication | Implemented |
| Server-side output quality screen | Implemented (internally tested) |
| First-party measurement only, no advertising trackers | Implemented |
| Customer content used for model training | No (Anthropic API terms) |
| Anthropic data retention | Zero-Data-Retention arrangement |
| Independent penetration test | Not published |
| SOC 2 | Not certified |
| ISO/IEC 27001 | Not certified |
| Formal external security attestation | Not available |
| Enterprise shared workspace | Not available |
We will not represent internal controls as independent assurance. As the product matures, this page will be updated to match. We practise what we advise: evidence before assurance.
Questions
Questions about data handling, security, product scope, or any limitation here can go to office@apparens.nl. Security concerns are welcome at the same address; please include the affected page or function and steps to reproduce, and avoid including unnecessary personal or confidential data in the first report.
