Apprendly trust center

Our commitment to security, privacy, and responsible AI. Built for Europe and the world.

Last updated: April 2026

Europe-based

All data and AI models hosted exclusively in Europe. Your data never leaves the EU.

Secure by design

Encryption at rest and in transit. Unique production database authentication. Restricted access controls.

Safe & ethical AI

EU AI Act compliant. Guardrails in every roleplay. Content filtering and moderation. We never use your data to train AI models.

Our commitment

Built on trust

At Apprendly, security and privacy are not afterthoughts. They are foundational principles that guide every decision we make. As a European company building AI-powered training tools, we hold ourselves to the highest standards of data protection, ethical AI use, and transparency.

Our platform is designed to deliver powerful AI roleplay training without requiring unnecessary personal data. We believe that effective training and strong privacy protections are not at odds; they reinforce each other.

Our principles

Privacy by design. We collect only the data necessary to deliver our service. Personal data is never required for quality roleplay training, and customers have full control over data retention policies.

Security at every layer. From encrypted data storage on European servers to authenticated access via industry-leading providers, we protect your data with defense in depth.

Ethical AI. We are committed to the responsible use of artificial intelligence. Our AI systems include guardrails to ensure safe, appropriate interactions. We never use customer data to train AI models, and we comply with the EU AI Act.

Transparency. We believe you should know exactly how your data is handled, where it is stored, and who has access. This trust center is our commitment to openness.

Compliance

View details →

GDPR Active

Full compliance with the EU General Data Protection Regulation. We implement all necessary technical and organizational measures as a data processor.

EU AI Act Active

Compliant with the EU Artificial Intelligence Act. Our AI systems are transparent, fair, and respect user rights.

ISO 27001:2022 Under review

Information security management system certification. Currently under review as part of our security maturity roadmap.

SOC 2 Type II Under review

Service Organization Control audit for security, availability, and confidentiality. Currently under review.

Security controls

View all controls →

Infrastructure security

European-hosted infrastructure (Scaleway, France)
Unique production database authentication enforced
Encryption key access restricted to authorized personnel
Network segmentation and firewall protection
+2 more

Data protection

Encryption at rest using AES-256
Encryption in transit using TLS 1.2+
Automated data backup and recovery
Customer-controlled data retention policies
+2 more

Access control

Role-based access control (RBAC)
Multi-factor authentication for team access
Unique account authentication enforced
Principle of least privilege applied
+1 more

Application security

Secure authentication via Auth0 (ISO 27001, SOC 2)
Input validation and sanitization
Regular dependency vulnerability scanning
Secure development lifecycle practices
+1 more

Operational security

Incident response procedures established
Security monitoring and alerting
Regular security reviews
Employee security awareness training
+1 more

Data & privacy

No personal data required for quality

Our AI roleplay training delivers excellent results without requiring personal information. Users can train effectively with minimal data collection.

We never train on your data

Customer data is never used to train, fine-tune, or improve AI models. Your conversations and training sessions remain yours.

Customer-controlled retention

You decide how long we keep your data. Standard retention includes complete anonymization after 30 or 90 days, configurable to your needs.

Data stays in Europe

All data is stored and processed within the European Union, on Scaleway's ISO 27001-certified infrastructure in France.

Data minimization

We collect only the minimum data necessary to deliver our service. We don't collect data we don't need.

Right to erasure

You can request complete deletion of your data at any time. We honor all GDPR data subject rights promptly.

AI safety

AI guardrails in every roleplay

All AI-powered roleplay sessions include content filtering and behavioral guardrails to keep interactions appropriate and on-topic.

EU AI Act compliant

Our AI systems meet the requirements of the EU Artificial Intelligence Act, with transparency, fairness, and human oversight built in.

European AI infrastructure

We use AI models hosted exclusively in Europe, ensuring data sovereignty and regulatory compliance.

No customer data in model training

Customer conversations and training data are never used to train or improve AI models. Your data stays yours.

Content moderation

Multi-layer content moderation ensures that AI responses remain within appropriate boundaries for professional training scenarios.

Human oversight

Organizations maintain control over AI behavior through configurable parameters, scenario design, and monitoring capabilities.

Sub-processors

View details →

Scaleway Europe (France)

Cloud infrastructure, data hosting, and AI model hosting

ISO 27001:2022GDPR

Auth0 Europe (EU data residency)

User authentication and identity management

ISO 27001ISO 27018SOC 2 Type 2CSA STARGDPR

Stripe Global (PCI compliant)

Payment processing and subscriptions

PCI Level 1GDPR

Frequently asked questions

Where is my data stored?

All data is stored on Scaleway's servers in France, within the European Union. Your data never leaves Europe.

What encryption do you use?

We use AES-256 encryption for data at rest and TLS 1.2+ for all data in transit. Encryption keys are managed with strict access controls.

Do you use my data to train AI models?

No, never. Customer data is never used to train, fine-tune, or improve any AI models. Your roleplay sessions and training data are used solely to deliver your service.

How long do you retain my data?

Data retention is customer-controlled. Our standard practice is to completely anonymize all session data after 30 or 90 days. You can also request immediate deletion at any time.

Do you support Single Sign-On (SSO)?

Yes, we support SSO. Auth0 supports SAML, OpenID Connect, and other enterprise identity protocols.

Are you GDPR compliant?

Yes, fully. We operate as a data processor under GDPR and implement all required technical and organizational measures. We maintain Data Processing Agreements with all customers and sub-processors.

Are you compliant with the EU AI Act?

Yes. Our AI systems are designed with transparency, fairness, and human oversight in accordance with the EU AI Act. Users are always informed they are interacting with AI.

What happens if there is a security incident?

We have established incident response procedures. In the event of a data breach, we will notify affected customers within 72 hours as required by GDPR, along with details of the incident and remediation steps taken.

Who are your sub-processors?

Our primary sub-processors are Scaleway (hosting and AI models, France), Auth0 (authentication, EU), and Stripe (payments). See our sub-processors page for full details.

Can I request deletion of my data?

Yes. Under GDPR, you have the right to erasure. You can request complete deletion of your data at any time by contacting us, and we will process your request promptly.

Questions about security?

support@apprendly.com

Ready to get started?

Experience secure, European-hosted AI roleplay training. Start your free trial today.

Start your 14 days FREE trial