Apparens

Trust Center

How we handle your data, secure your governance work, govern our own AI outputs, and where the product's limits are. Our standard is the one we advise: evidence before assurance.

Trust at a glance

Data export
Available
Account deletion
Available
Advertising trackers
None
Content used to train AI
No
Independent attestation
Not yet
Enterprise workspace
Not yet

The controls described below are implemented and internally tested. Where something is self-attested rather than independently audited, we say so. We do not hold SOC 2 or ISO/IEC 27001 certification and have not published an independent penetration test. The full picture is in the assurance status at the foot of this page.

Data handling

Where your data lives

Your account and governance data is stored in Cloudflare D1 (a SQLite database), with the primary database located in the EU, Amsterdam region. Short-lived items (rate-limit counters, cached briefings, bug-report screenshots) use Cloudflare KV, and static assets are served from Cloudflare's edge; these run on Cloudflare's global network and are not pinned to a single region. Assessment data also lives in your browser's localStorage for offline access. When the app runs an AI workflow, the relevant text is processed by Anthropic outside the EU (see Providers).

What we store

What we do NOT store

Data deletion

You can delete your account and all associated data at any time from the app's security settings. Deletion covers every table that holds your data (profile, assessments, artifacts, evidence, actions, chats, documents, audit log, billing records, and more — enforced by a test that fails if any user-scoped table is ever missed). When you delete an uploaded document, the governance text extracted from it is removed with it.

Two honest caveats, because "instantly and everywhere" would not be true: short-lived cached copies (Cloudflare KV) and routine point-in-time database backups expire on their own schedule rather than the moment you press delete (cached items within 90 days, backups within 30 days), and anonymous analytics rows that were never linked to your account are cleared on a rolling 24-month basis.

Data export

You can export your account and workspace data (GDPR Art. 15 and 20) as a JSON file from the app's security settings: profile, assessments, artifacts, evidence, actions, chat sessions, documents and their extracted text, usage, product events, and the audit log. Short-lived cached items, such as bug-report screenshots, are not included in the export.

Providers and data flow

The app relies on a small set of external services. This is everything that receives data, what it receives, and whether it may use it for model training.

ProviderRoleWhat it receivesTraining use
CloudflareHosting, database (EU/Amsterdam), edge networkAccount and workspace dataN/A
Anthropic (Claude)AI model inferenceYour prompt plus the relevant workspace context for the task (e.g. saved memory, claims extracted from your documents, briefings)Not used to train models; not retained after the response (Zero-Data-Retention arrangement)
ResendTransactional email (login codes, notifications)Your email address and the message contentN/A
StripeSubscription billing (web)Billing and customer identifiers (card data is handled by Stripe, never by us)N/A
RevenueCatApple In-App Purchase management (iOS app)A subscriber identifier tied to your account and your subscription statusN/A
AppleApp Store In-App Purchase processing (iOS app)Payment and subscription data (handled by Apple; card data never reaches us)Per Apple's terms
TavilyPublic-source web research, only when you request itA company name, a public website URL, and jurisdiction. Never your workspace contentPer Tavily's terms
GLEIFLegal-entity register lookupA company legal name only (public register)N/A
Google (Sheets)Contact / interest form intake, where configuredWhat you type into the public contact formPer Google's terms
cdnjs (Cloudflare)Serves one client-side library (html2canvas) for PNG exportNone (a static script, integrity-pinned)N/A

Security

Authentication

Infrastructure

AI security

These controls reduce risk; they do not make the application free of vulnerabilities, and prompt-injection risk cannot be eliminated entirely. Sensitive outputs should be reviewed before reliance.

AI output governance

We advise professionals on defensibility, and we hold our own outputs to the same standard.

Defensible Position Standard The Apparens Doctrine (principles covering evidence discipline, vendor neutrality, role relevance, human responsibility, and confidence marking) is built into the prompts behind every advisory workflow, and a deterministic quality check screens the outputs that carry the most weight.

What the AI does

What the AI does NOT do

Quality controls

The deterministic screen runs on the advisory paths above; the intelligence-harvest and public-research paths rely on doctrine instructions in the prompt rather than the same server-side gate. The screen reduces overclaiming; it does not make model output infallible.

Output versioning

Every AI-generated artifact is saved with its generation date, source workflow, doctrine version, model version, and framework version, so you can trace why a specific recommendation was produced. The current framework, doctrine, and model versions are listed on the changelog.

Responsible AI statement

The AI Control Index uses Anthropic's Claude API. We selected Claude for its instruction-following reliability, its refusal behaviour on harmful requests, and Anthropic's commitment to AI-safety research.

For the news intelligence brief, the Public Evidence Brief, and meeting preparation, the app researches the web via Tavily (search, content extraction, site crawl, deep research) and the free GLEIF legal-entity register, and it fetches the company's own public website. These services receive company names, public website URLs, and (for meeting preparation) the meeting subject only. They do not receive your identity, your messages, the names of meeting attendees, your concerns, or your assessment data. Every evidence brief carries a source ledger showing which services contributed, so you can inspect and validate the work.

The sources these research paths draw on are public: regulator and government publications, company websites, legal-entity registers, and published news. Where the collected material relates to an identifiable organisation or person, it is processed on the basis of the legitimate interest of you and your organisation in preparing an evidence-based governance position, and it is stored in your workspace under the same retention rules as the rest of your data: it is deleted when you delete the brief or your account, and it is never used to train models. If you believe a brief contains public information about you that should not be there, contact office@apparens.nl.

Environmental disclosure

AI inference consumes compute energy. The app displays session-level environmental figures; these are indicative estimates based on usage and model assumptions, not direct measurements. We use efficient prompting practices (task-specific token budgets) to reduce unnecessary compute.

Product scope and known limitations

We would rather you trust us because we are honest about the edges than because we hid them. Here is a direct account of what the AI Control Index can and cannot do.

Built for organisation-sensitive work

What happens to the company data you bring

The app is designed so you can work with real, company-sensitive material, subject to your own data-minimisation and internal-policy judgement. Here is exactly what happens to it.

1. Advisory, not certification

The AI Control Index provides governance decision support. It does not certify, audit, attest, or legally validate anything. Its outputs are starting points for your professional judgment, not endpoints. You should not present them as formal audit findings, legal opinions, compliance certifications, or regulatory attestations.

2. The evidence brief may be incomplete

The Public Evidence Brief gathers information from publicly available sources. Coverage depends on what is publicly accessible; some organisations or AI systems have limited public information; sources may be out of date; and regional or language-specific sources may be underrepresented. Research that you explicitly request produces an AI-assembled report from the public record, labelled as such, with its cited sources listed for you to check.

The brief never fills gaps with guesses. Claims that cannot be confirmed from the collected evidence are marked as requiring validation, and every brief carries a source ledger showing which sources contributed and which did not. The app should not infer that something is absent merely because it was not found. Always verify critical findings through your own channels.

3. Document analysis extracts, it does not validate

When you upload a document, the app extracts governance-relevant information. It does not verify that the claims in the document are true, check the legal validity of contract terms, confirm the regulatory compliance of described practices, or guarantee that the extraction is complete. The analysis highlights what the document says, not whether what it says is correct.

4. Evidence status is not evidence quality

The app can record whether evidence has been identified, supplied, reviewed, found incomplete, marked not applicable, or assigned for follow-up. A status label does not establish the reliability, authenticity, completeness, or operating effectiveness of that evidence. For a material decision, consider provenance, date, scope, ownership, independence, version, and test method. A checked control should never be treated as sufficient evidence simply because it looks complete in the app.

5. Framework alignment does not equal compliance

The app maps concepts and controls to recognised laws, standards, and governance frameworks. A mapping indicates conceptual relevance. It does not prove full conformity, certification readiness, implementation effectiveness, regulatory acceptance, or coverage of every applicable requirement. Use mappings to support analysis and traceability, not as automatic claims of compliance.

6. AI outputs need human review

All AI-generated content, including advisor responses, reports, and evidence summaries, is produced by language models. These outputs may contain errors, may miss context specific to your situation, and may not reflect the most recent regulatory developments. They should be reviewed by a qualified professional before you act on them, and anything flagged "validation needed" deserves particular attention.

What we do about it: advisory outputs pass the server-side quality screen described above, and a response that fails a reliance-relevant check is delivered with a visible "needs review before reliance" caution. This reduces, but does not remove, the need for your review.

7. Export formats

You can export to Word (.docx), PDF (via the print dialog), Markdown, JSON, CSV, and HTML. PowerPoint (.pptx) is not yet available. Format availability depends on your plan; current details are shown in the app and on the pricing page.

8. Individual use, not an enterprise system of record

The AI Control Index is a personal professional workspace. There is no shared workspace, collaborative editing, role-based access within an account, or organisation-level administration; each account is individual. It is also not a replacement for a GRC system of record, an audit-management platform, a regulatory filing system, or an evidence repository. Outputs can be transferred into your organisation's approved systems; the app is for structured reasoning and preparation, not the authoritative record.

9. No continuous monitoring

The app supports point-in-time governance work. It does not continuously monitor AI systems, send alerts when conditions change, track compliance drift over time, or provide real-time dashboards. Use it at a governance moment (a procurement decision, an architecture review, a policy review, a risk assessment), not as a standing watch. Establishing ongoing monitoring and escalation remains your responsibility.

10. Not a replacement for legal, audit, or compliance functions

To be explicit: the AI Control Index is not, and does not replace, a qualified legal advisor, a certified auditor, a compliance management system, or a regulatory filing tool. It helps you think through governance questions with evidence. The decisions, and their consequences, remain yours.

Assurance status

Trust should be inspectable. This is the current status of each claim, including what is not yet independently verified.

Data exportAvailable
Account deletionAvailable
Passwordless authenticationImplemented
Server-side output quality screenImplemented (internally tested)
First-party measurement only, no advertising trackersImplemented
Customer content used for model trainingNo (Anthropic API terms)
Anthropic data retentionZero-Data-Retention arrangement
Independent penetration testNot published
SOC 2Not certified
ISO/IEC 27001Not certified
Formal external security attestationNot available
Enterprise shared workspaceNot available

We will not represent internal controls as independent assurance. As the product matures, this page will be updated to match. We practise what we advise: evidence before assurance.

Questions

Questions about data handling, security, product scope, or any limitation here can go to office@apparens.nl. Security concerns are welcome at the same address; please include the affected page or function and steps to reproduce, and avoid including unnecessary personal or confidential data in the first report.