Security and Compliance, Our Commitments

Aprovall is committed to protecting your data with the highest standards of security and confidentiality. Discover our certifications, security practices and our transparent approach to compliance.

ISO 27001
ISO 27701
Galink
Ecovadis
Documents

Download our compliance artifacts

Public documents are available instantly. Gated ones require a short NDA.

Public
Other

Carbon Footprint 2025

Aprovall's 2025 carbon footprint, including Scope 1, Scope 2 and Scope 3.

Updated May 2026
Download
NDA
Questionnaire

Vendor Security Questionnaire (CAIQ)

Updated Jun 2026
Request
NDA
Audit report

Galink Assessment

Updated May 2026
Request
Public
Policy

Responsible Disclosure Policy

Responsibly report security vulnerabilities

Updated May 2026
View
Public
Legal

Terms of Use

Rules for accessing and using the platform

Updated May 2026
View
Public
Legal

Cookie Policy

This cookie policy explains what cookies are, which cookies are used on this website, for what purposes, for how long, by whom the data may be processed, and how you can manage your consent.

Updated May 2026
View
Public
Legal

Legal Notices

General terms of access and use of the website

Updated May 2026
View
NDA
Legal

General Subscription Terms

Updated May 2026
Request
NDA
Policy

Information Security Policy

Updated May 2026
Request
Public
Certification

ISO/IEC 27001:2022 Certificate

ISO/IEC 27001:2022 · Updated May 2026
Download
NDA
Policy

Responsible Purchasing Policy

Aprovall's and its suppliers' commitments to responsible purchasing: environment, human rights, ethics and data protection.

Updated May 2026
Request
NDA
Policy

Social & Human Rights Policy

Aprovall's commitments regarding non-discrimination, anti-harassment, freedom of association, privacy, fair compensation and new technologies.

Updated May 2026
Request
NDA
Policy

Supplier Code of Conduct

Principles and commitments expected from our suppliers regarding ethics, human rights, cybersecurity and the environment.

Updated May 2026
Request
NDA
Legal

Privacy Policy

How we collect, use, and protect your personal data

Updated May 2026
Request
Public
Certification

ISO/IEC 27701:2019 Certificate

ISO/IEC 27701:2019 · Updated May 2026
Download
Theme

Finance

This theme covers material related to financial soundness, internal controls and governance. Financial statements and audit reports are available on request as part of a due-diligence process.

Theme

Cybersecurity

This theme covers our information security policy and our responsible vulnerability disclosure process. It is complemented by the technical and organizational controls in place and the list of our sub-processors.

Areas covered by our security policy

The scope of our information security policy, aligned with ISO/IEC 27001.

  • Governance & organisation
  • Security awareness
  • Access management
  • Network security
  • Secure development
  • Vulnerability management
  • Risk management
  • Business continuity
  • Incident response
  • Supplier security
  • Personal-data protection
  • AI management

Our approach

Security

AES-256 encryption at rest, TLS 1.3 in transit, enforced MFA, 24/7 monitoring, annual penetration tests.

Privacy

GDPR-compliant, EU hosting (France), data minimisation.

Availability

99% quarterly SLA. Annually-tested business continuity plan. RPO 24h, RTO 72h.

Compliance

ISO 27001 · ISO 27701

Security controls

Defense in depth, across the stack

A summary of the controls continuously monitored in our compliance program.

Access Control

  • Unique user identification
  • Multi-factor authentication enforced

Cryptography

  • Data at rest encrypted (AES-256)
  • Data in transit encrypted (TLS 1.3)

Human Resources

  • Security awareness training

Incident Response

  • Documented incident response plan

Vulnerability Mgmt

  • Monthly vulnerability scans

Sub-processors

Full list of our sub-processors. Subscribe to be notified of additions or changes.

  • OVHcloud (FR)
    Purpose: Primary hosting — application data, databases, and uploaded files
    Location: France
    Certifications: ISO 27001, ISO 27701
    DPA: Signed
    Since: 2025-07
  • Scaleway (FR)
    Purpose: Encrypted backups of databases and files
    Location: France
    Certifications: ISO 27001
    DPA: Signed
    Since: 2025-07
  • YouSign (FR)
    Purpose: Electronic signature — signatory names, email addresses, signed documents
    Location: France
    Certifications: eIDAS
    DPA: Signed
    Since: 2025-07
  • Mistral AI (FR)
    Purpose: AI document analysis — document contents submitted for analysis
    Location: France
    DPA: Signed
    Since: 2025-07
  • Amazon SES (FR)
    Purpose: Transactional email — email addresses and message metadata
    Location: France (eu-west-3)
    Certifications: SOC 2, ISO 27001, EU-US DPF
    DPA: Signed
    Since: 2025-07
  • Google (Vertex AI) (BE)
    Purpose: AI document analysis — document contents submitted for analysis
    Location: Belgium (europe-west1)
    Certifications: SOC 2, ISO 27001, EU-US DPF
    DPA: Signed
    Since: 2025-12

Ethics & compliance

Business ethics & compliance

Integrity, prevention of corruption and conflicts of interest, and responsible supplier relations.

  • 0: Tolerance for corruption & conflicts of interest
  • 2025: Responsible Supplier Relations Charter
  • 2019: UN Global Compact signatory
  • 2022: Code of conduct & whistleblowing channel

Ethical commitments

  • Zero tolerance for corruption, active or passive
  • Conflict-of-interest prevention
  • Integrity in business & supplier relations
  • Confidential whistleblowing channel
  • Code of conduct issued to every employee

Charters & frameworks

  • Responsible Supplier Relations Charter: signed April 2025 · 10 commitments
  • UN Global Compact: signatory since 2019 · 10 principles
Read the code of conduct
Environmental responsibility

Carbon footprint 2025

Our carbon assessment, computed per ISO 14064-1 across the entire value chain.

Total emissions, all scopes combined: 303 tCO₂e

  • Scope 1 (direct): 0 tCO₂e · 0%
  • Scope 2 (energy): 2.86 tCO₂e · 1%
  • Scope 3 (value chain): 299.81 tCO₂e · 99%

99% of our emissions come from Scope 3: our impact is borne almost entirely by the value chain, not by our own operations.

Breakdown by category

  • Purchases & services: 228.68 tCO₂e · 76%
  • Product use: 26.88 tCO₂e · 9%
  • Travel & commuting: 23.49 tCO₂e · 8%
  • Other categories: 23.09 tCO₂e · 7%

Carbon intensity

kgCO₂e per k€ of revenue

  • 2023 (baseline): 10.4
  • 2024: 22.7
  • 2025: 20.1

SBTi target based on carbon intensity, to decouple our growth from our impact.

  • Standard: ISO 14064-1
  • Database: Base Carbone® ADEME
  • Approach: 37.5% physical / 62.5% monetary

Human rights & social

Human rights & social responsibility

Our commitments build on the major international frameworks, applied internally and across our entire value chain.

  • 2014: Diversity Charter signatory
  • 2019: UN Global Compact signatory
  • 8: ILO fundamental conventions upheld
  • 6: Internal commitment areas

Internal commitments

  • Non-discrimination
    Code of conduct since 2022
  • Anti-harassment & anti-violence
    Whistleblowing channel since 2022
  • Freedom of association & collective bargaining
    Social dialogue through the works council
  • Privacy & personal data
    Right to disconnect guaranteed
  • Decent pay & training
    Training access for everyone
  • New technologies & AI
    Governed use of AI

International frameworks

  • International Bill of Human Rights
  • OECD Guidelines for Multinational Enterprises
  • UN Guiding Principles on Business & Human Rights
  • ILO 8 fundamental conventions
  • Diversity Charter: signatory since 2014
  • UN Global Compact: signatory since 2019

Across our value chain

We apply the same ethical standards to all our stakeholders and expect our suppliers to share these commitments.

Policy owned by Executive Management, HR and the CSR lead.

Service status

Uptime over the last 90 days, powered by our external monitoring.

All services operational

Frequently asked questions

Everything you need to know before requesting access.

Need something specific?

Can't find the document you need? Get in touch with our security team.