Trust
Security and procurement information
This page summarises current controls and governance boundaries for enterprise due diligence.
Legal entity
AnnexPass is operated by AnnexPass OÜ, registered in the Republic of Estonia. Product contact: hello@annexpass.com.
Control status
| Control area | Current status |
|---|---|
| Data residency | EU deployment regions (DE and IE) |
| Encryption in transit | TLS 1.3 |
| Encryption at rest | Provider-managed AES-256 |
| Audit trail | Append-only event log in workspace |
| Tenant model | Organisation-scoped workspace state |
| Role controls | Organisation roles and scoped access in platform mode |
Security governance scope
- Customer remains the economic operator and data controller for regulatory submissions.
- AnnexPass OÜ provides AnnexPass workflow infrastructure, evidence handling, and publication tooling.
- Regulatory interpretation and legal sign-off remain customer responsibilities.
Subprocessors
| Vendor | Purpose | Region |
|---|---|---|
| Supabase or Neon | Database and auth infrastructure | EU |
| Cloudflare R2 | Document object storage | EU |
| Resend | Transactional email delivery | EU |
| Stripe | Billing infrastructure | EU |
| Anthropic | Document extraction processing | Per DPA |
Procurement package
For enterprise procurement, we provide a security questionnaire response pack, architecture summary, and data processing documentation during the vendor review process.
AnnexPass (AnnexPass OÜ) provides software tools to support compliance workflows. Customers remain the economic operator responsible for regulatory compliance. Not legal advice.