Security controls
Technical and organizational measures protecting your data
Last updated: April 13, 2026
Infrastructure security
- European-hosted infrastructure (Scaleway, France)
- Unique production database authentication enforced
- Encryption key access restricted to authorized personnel
- Network segmentation and firewall protection
- DDoS protection and mitigation
- Regular infrastructure security assessments
Data protection
- Encryption at rest using AES-256
- Encryption in transit using TLS 1.2+
- Automated data backup and recovery
- Customer-controlled data retention policies
- Complete data anonymization after retention period
- No customer data used for AI model training
Access control
- Role-based access control (RBAC)
- Multi-factor authentication for team access
- Unique account authentication enforced
- Principle of least privilege applied
- Regular access reviews and audits
Application security
- Secure authentication via Auth0 (ISO 27001, SOC 2)
- Input validation and sanitization
- Regular dependency vulnerability scanning
- Secure development lifecycle practices
- AI guardrails and content filtering
Operational security
- Incident response procedures established
- Security monitoring and alerting
- Regular security reviews
- Employee security awareness training
- Secure communication channels
Our security approach
Security at Apprendly is implemented in layers, following the principle of defense in depth. Every component of our infrastructure and application is designed with security as a primary consideration.
Infrastructure
All our services run on Scaleway’s European infrastructure, with data centers located in France. This ensures that your data never leaves Europe and is subject to EU data protection regulations. Our infrastructure leverages Scaleway’s ISO 27001:2022 certified data centers with enterprise-grade physical security.
Encryption
All data is encrypted both at rest and in transit. We use AES-256 encryption for data at rest and TLS 1.2+ for all data in transit. Encryption keys are managed with strict access controls and are regularly rotated.
Authentication and access
User authentication is handled through Auth0, a leading identity platform certified under ISO/IEC 27001/27018, CSA STAR, and SOC 2 Type 2. Access to production systems follows the principle of least privilege, with multi-factor authentication required for all administrative access.
Application security
Our development practices include secure coding standards, regular dependency scanning, and input validation across all interfaces. Our AI systems incorporate guardrails and content filtering to ensure safe interactions during roleplay training sessions.