Trust

Security and procurement information

This page summarises current controls and governance boundaries for enterprise due diligence.

Legal entity

AnnexPass is operated by AnnexPass OÜ, registered in the Republic of Estonia. Product contact: hello@annexpass.com.

Control status

Control areaCurrent status
Data residencyEU deployment regions (DE and IE)
Encryption in transitTLS 1.3
Encryption at restProvider-managed AES-256
Audit trailAppend-only event log in workspace
Tenant modelOrganisation-scoped workspace state
Role controlsOrganisation roles and scoped access in platform mode

Security governance scope

  • Customer remains the economic operator and data controller for regulatory submissions.
  • AnnexPass OÜ provides AnnexPass workflow infrastructure, evidence handling, and publication tooling.
  • Regulatory interpretation and legal sign-off remain customer responsibilities.

Subprocessors

VendorPurposeRegion
Supabase or NeonDatabase and auth infrastructureEU
Cloudflare R2Document object storageEU
ResendTransactional email deliveryEU
StripeBilling infrastructureEU
AnthropicDocument extraction processingPer DPA

Procurement package

For enterprise procurement, we provide a security questionnaire response pack, architecture summary, and data processing documentation during the vendor review process.

AnnexPass (AnnexPass OÜ) provides software tools to support compliance workflows. Customers remain the economic operator responsible for regulatory compliance. Not legal advice.