Public documents are available instantly. Gated ones require a short NDA.
Responsibly report security vulnerabilities
This cookie policy explains what cookies are, which cookies are used on this website, for what purposes, for how long, by whom the data may be processed, and how you can manage your consent.
Principles and commitments expected from our suppliers regarding ethics, human rights, cybersecurity and the environment.
Aprovall's commitments regarding non-discrimination, anti-harassment, freedom of association, privacy, fair compensation and new technologies.
Aprovall's and its suppliers' commitments to responsible purchasing: environment, human rights, ethics and data protection.
This theme gathers the legal documents applicable to our services: subscription and usage terms, privacy policy, legal notices and cookie management.
This theme covers material related to financial soundness, internal controls and governance. Financial statements and audit reports are available on request as part of a due-diligence process.
This theme covers our information security policy and our responsible vulnerability disclosure process. It is complemented by the technical and organizational controls in place and the list of our sub-processors.
Container of Markdown cards (Security, Privacy, Availability, Compliance). Reorder cards via their handle.
AES-256 encryption at rest, TLS 1.3 in transit, enforced MFA, 24/7 monitoring, annual penetration tests.
GDPR-compliant, DPA available, EU hosting (Ireland/France), data minimisation by design.
99.9% SLA. Annually-tested business continuity plan. RPO 1h, RTO 4h.
ISO 27001 · ISO 27701 · GDPR · DORA-ready · SOC 2 Type II 2026.
A summary of the controls continuously monitored in our compliance program.
Full list of our sub-processors. Subscribe to be notified of additions or changes.
| Name | Purpose | Location | Certifications | DPA | Since |
|---|---|---|---|---|---|
OVHcloud FR | Primary hosting — application data, databases, and uploaded files | France | ISO 27001ISO 27701 | Signed | 2025-07 |
Scaleway FR | Encrypted backups of databases and files | France | ISO 27001 | Signed | 2025-07 |
YouSign FR | Electronic signature — signatory names, email addresses, signed documents | France | eIDAS | Signed | 2025-07 |
Mistral AI FR | AI document analysis — document contents submitted for analysis | France | — | Signed | 2025-07 |
Amazon SES FR | Transactional email — email addresses and message metadata | France (eu-west-3) | Signed | 2025-07 | |
Google (Vertex AI) BE | AI document analysis — document contents submitted for analysis | Belgique (europe-west1) | Signed | 2025-12 |
This theme sets out the commitments that apply to business relationships, particularly with suppliers: integrity, anti-corruption and conflict-of-interest prevention.
This theme outlines the responsible purchasing policy and the environmental criteria used when selecting partners.
This theme covers the social policy and human rights commitments that apply both to our employees and to our value chain, with reference to international standards (ILO, UN Global Compact).
Uptime over the last 90 days, powered by our external monitoring.
Everything you need to know before requesting access.