Finance
This theme covers material related to financial soundness, internal controls and governance. Financial statements and audit reports are available on request as part of a due-diligence process.
Public documents are available instantly. Gated ones require a short NDA.
Carbone footprint 2025 Aproval included scope 1, scope 2 and scope 3
Responsibly report security vulnerabilities
This cookie policy explains what cookies are, which cookies are used on this website, for what purposes, for how long, by whom the data may be processed, and how you can manage your consent.
Aprovall's and its suppliers' commitments to responsible purchasing: environment, human rights, ethics and data protection.
Aprovall's commitments regarding non-discrimination, anti-harassment, freedom of association, privacy, fair compensation and new technologies.
Principles and commitments expected from our suppliers regarding ethics, human rights, cybersecurity and the environment.
Entity identification, data hosting and published contractual documents.
This theme covers material related to financial soundness, internal controls and governance. Financial statements and audit reports are available on request as part of a due-diligence process.
This theme covers our information security policy and our responsible vulnerability disclosure process. It is complemented by the technical and organizational controls in place and the list of our sub-processors.
The scope of our information security policy, aligned with ISO/IEC 27001.
AES-256 encryption at rest, TLS 1.3 in transit, enforced MFA, 24/7 monitoring, annual penetration tests.
GDPR-compliant, EU hosting (France), data minimisation.
99% quarterly SLA. Annually-tested business continuity plan. RPO 24h, RTO 72h.
ISO 27001 · ISO 27701
A summary of the controls continuously monitored in our compliance program.
Full list of our sub-processors. Subscribe to be notified of additions or changes.
| Name | Purpose | Location | Certifications | DPA | Since |
|---|---|---|---|---|---|
OVHcloud FR | Primary hosting — application data, databases, and uploaded files | France | ISO 27001ISO 27701 | Signed | 2025-07 |
Scaleway FR | Encrypted backups of databases and files | France | ISO 27001 | Signed | 2025-07 |
YouSign FR | Electronic signature — signatory names, email addresses, signed documents | France | eIDAS | Signed | 2025-07 |
Mistral AI FR | AI document analysis — document contents submitted for analysis | France | — | Signed | 2025-07 |
Amazon SES FR | Transactional email — email addresses and message metadata | France (eu-west-3) | Signed | 2025-07 | |
Google (Vertex AI) BE | AI document analysis — document contents submitted for analysis | Belgique (europe-west1) | Signed | 2025-12 |
Integrity, prevention of corruption and conflicts of interest, and responsible supplier relations.
Our carbon assessment, computed per ISO 14064-1 across the entire value chain.
kgCO₂e per k€ of revenue
SBTi target based on carbon intensity, to decouple our growth from our impact.
Our commitments build on the major international frameworks, applied internally and across our entire value chain.
Uptime over the last 90 days, powered by our external monitoring.
Everything you need to know before requesting access.