Data Residency and Privacy
aprity is designed with data residency, privacy, and compliance as foundational requirements. This page explains where your data is stored, how it is isolated, and what controls are available for data management.
Data Residency
Azure France Central
All aprity infrastructure is hosted in the Azure France Central region (Paris, France). This includes:
| Service | Purpose | Region |
|---|---|---|
| Azure Container Apps | API and worker compute | France Central |
| Azure Cosmos DB | Scan data, metadata, configuration | France Central |
| Azure Blob Storage | Generated documentation files | France Central |
| Azure Key Vault | Cryptographic keys and secrets | France Central |
:::info EU data guarantee
No data leaves the Azure France Central region during processing, storage, or retrieval. All compute, storage, and networking occur within the same Azure region.
:::
What data is stored
aprity stores the following categories of data:
| Category | Description | Retention |
|---|---|---|
| Salesforce metadata | Object definitions, field schemas, trigger code, flow definitions, validation rules | Based on plan (3 months to unlimited) |
| Generated documentation | AI-generated descriptions, business rules, process documentation | Based on plan |
| Scan history | Scan configurations, status, timestamps, error details | Based on plan |
| Feedback entries | User-submitted corrections and additions | Active until archived |
| Tenant configuration | Plan details, feature flags, registration data | Duration of subscription |
What data is NOT stored
- Business data -- aprity does not read or store Account records, Opportunity values, Contact information, or any transactional data from your Salesforce org.
- User credentials -- No passwords, security tokens, or session IDs are stored. Authentication uses JWT Bearer with certificates.
- Consumer Secrets -- The OAuth Consumer Secret from your Connected App is never transmitted to or stored by aprity.
Tenant Isolation
Partition-based data separation
Every piece of data in aprity is scoped to a tenant using partition keys in Azure Cosmos DB. A partition key is a required attribute on every database record that physically groups data by tenant.
This means:
- Database queries for one tenant are physically unable to return records belonging to another tenant.
- There is no shared data space between tenants.
- Isolation is enforced at the database engine level, not just at the application layer.
Org-level scoping
Within a tenant, data is further scoped by Salesforce Organization ID. If your tenant has multiple connected orgs (Professional and Enterprise plans), each org's metadata and documentation are stored separately.
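A sketch of a read path that respects both scopes described above, added here as an illustration and not aprity's own code: every query is pinned to the tenant's partition key, filtered by org, and each returned record is re-checked so a scoping bug fails closed. The `tenantId` and `orgId` field names, `TenantScopedReader`, and the in-memory `FakeContainer` are assumptions; the `query_items` keyword arguments mirror those of the Azure Cosmos DB Python SDK.

```python
class IsolationError(Exception):
    """Raised when a query is unscoped or a result crosses the tenant/org boundary."""

class TenantScopedReader:
    """Hypothetical wrapper; field names tenantId / orgId are assumed, not aprity's schema."""

    def __init__(self, container):
        # Any object exposing query_items(query, parameters, partition_key).
        self._c = container

    def docs_for_org(self, tenant_id, org_id):
        if not tenant_id or not org_id:
            raise IsolationError("tenant_id and org_id are both required")
        items = self._c.query_items(
            query="SELECT * FROM c WHERE c.orgId = @org",   # parameterized, no string building
            parameters=[{"name": "@org", "value": org_id}],
            partition_key=tenant_id,  # single-partition query, no cross-partition fan-out
        )
        out = []
        for it in items:
            # Defense in depth: fail closed if the backend ever returns a foreign record.
            if it.get("tenantId") != tenant_id or it.get("orgId") != org_id:
                raise IsolationError("result outside requested tenant/org scope")
            out.append(it)
        return out

class FakeContainer:
    """Constructed in-memory stand-in: one bucket of records per partition key value."""

    def __init__(self, items, leaky=False):
        self._parts, self._leaky = {}, leaky
        for it in items:
            self._parts.setdefault(it["tenantId"], []).append(it)

    def query_items(self, query, parameters, partition_key):
        org = {p["name"]: p["value"] for p in parameters}["@org"]
        rows = [i for i in self._parts.get(partition_key, []) if i["orgId"] == org]
        if self._leaky:  # simulate a scoping bug to exercise the fail-closed check
            rows += [i for k, v in self._parts.items() if k != partition_key for i in v]
        return iter(rows)

SAMPLE = [  # constructed records, not real org IDs
    {"id": "1", "tenantId": "t-a", "orgId": "00D000000000001", "kind": "scan"},
    {"id": "2", "tenantId": "t-a", "orgId": "00D000000000002", "kind": "scan"},
    {"id": "3", "tenantId": "t-b", "orgId": "00D000000000003", "kind": "scan"},
]

if __name__ == "__main__":
    print(TenantScopedReader(FakeContainer(SAMPLE)).docs_for_org("t-a", "00D000000000001"))
```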
Encryption
At rest
All data stored in Azure Cosmos DB and Azure Blob Storage is encrypted at rest using AES-256 encryption. Encryption keys are managed by the Azure platform using Microsoft-managed keys.
In transit
All data in transit between your Salesforce org, the aprity cloud platform, and Azure services is encrypted using TLS 1.2 or higher.
Data Management
Data retention
Data retention periods depend on your plan:
| Plan | Retention |
|---|---|
| Trial | 14 days |
| Starter | 3 months |
| Professional | 12 months |
| Enterprise | Unlimited |
When the retention period expires, scan data and generated documentation are automatically purged.
Metadata purge (GDPR right to erasure)
You can request a full purge of all metadata and documentation stored by aprity for your tenant. This is relevant for:
- GDPR Article 17 (right to erasure) compliance.
- Offboarding from aprity.
- Data cleanup after a proof-of-concept period.
To request a metadata purge, contact support@aprity.ai with your Org ID and tenant ID. The purge is irreversible and removes all scan data, generated documentation, feedback entries, and metadata from the aprity platform.
A metadata purge is permanent. All documentation and scan history for the specified tenant will be deleted and cannot be recovered. Download any documentation you want to retain before requesting a purge.
Data portability
Generated documentation is available for download in multiple formats (Markdown, HTML, PDF, DOCX). You can download and store documentation locally at any time from the Doc Browser tab.
Compliance Alignment
| Framework | Relevant Controls |
|---|---|
| GDPR | EU data residency, right to erasure (purge), data minimization (metadata only), encryption at rest and in transit |
| SOC 2 | Access controls (HMAC + JWT), audit logging (scan history), encryption, tenant isolation |
| ISO 27001 | Information security management via Azure platform controls |
aprity leverages Azure's compliance certifications for infrastructure-level controls. For the latest Azure compliance documentation, refer to the Microsoft Trust Center.