Security and trust

Read-only by design. Metadata purged after every scan.

aprity reads your Salesforce metadata, never writes to it, and does not keep the raw metadata after a scan completes. Analysis is deterministic first; the AI narrates on top. Everything below is stated plainly and verifiable.

AppExchange Security Review — in progress

Read-only access

Connector cannot write or change schema

Purged after every scan

Raw metadata is not retained

Azure-only AI routing

EU and US data regions

Multi-tenant isolation

Tenants are hard-isolated

Audit readiness

Documentation that keeps pace with your audits.

ISO 27001, HDS and SOC 2 all require organizations to keep their documentation continuously up to date. aprity refreshes your Salesforce documentation automatically on every scan, so it directly supports those audits. It enables your compliance and audit-readiness — aprity does not itself hold these certifications.

Audits we help you prepare for

ISO 27001

HDS

SOC 2

Deterministic first, AI second

The LLM narrates. It never decides.

Dependencies, impact and the execution graph are computed deterministically from your metadata — reproducible and verifiable. The model explains results and answers questions with citations; it is never in the path that produces the graph.

See the platform

Read-only by design.

aprity connects to Salesforce with a read-only integration. It reads metadata to build your documentation and never writes back to your org — it does not request the permissions needed to modify metadata, data or configuration.

AccessRead-only

Writes to the orgNone

Schema changesNot possible

Data, residency & purge.

aprity reads metadata, derives the documentation, then purges the raw metadata. Only the derived documentation remains in the portal, encrypted in Azure. aprity runs in both European and United States data regions, so you choose where your data lives.

Raw metadataPurged after each scan

Derived docsEncrypted at rest

Data regionsEU and US (you choose)

In transitEncrypted (TLS)

Hard multi-tenant isolation.

Each tenant's data is isolated at the storage and processing layers. One tenant can never read, query or influence another's documentation, scans or agent context.

StoragePer-tenant isolation

ProcessingPer-tenant scan context

Agent contextScoped to one tenant

Azure-only AI routing.

All AI inference is routed exclusively through Microsoft Azure, in the data region you choose — European or United States. Model traffic stays within that region, and the deterministic analysis runs the same regardless of model.

Inference pathAzure only

Data regionsEU and US

Bring-your-own-LLMYour model & key

Sub-processors & incident response

Sub-processors and incident handling.

aprity runs on Microsoft Azure (EU and US regions). The complete, current sub-processor list is available on request. If a security incident affects your data, we notify you without undue delay and support your own regulatory reporting.

Responsible disclosure

Report a vulnerability.

Found a security issue in aprity? Report it privately to security@aprity.ai. Please do not open a public issue or disclose the details before we have shipped a fix. We acknowledge reports within 2 business days, triage within 5, and target a fix or mitigation plan for High and Critical issues within 30 days. Good-faith research is covered by our safe-harbor policy, and we are happy to credit reporters with their consent.

Email security@aprity.ai /.well-known/security.txt