Security & Trust
Where our security stands today.
OneApproval is built on eight years of AppFox approval and compliance tooling. Here's the current state of our certifications and how we handle your data — with the live evidence kept in our Trust Center.
Visit our Trust Center →
Certification status
Live, in progress, or not yet — labelled honestly.
SOC 2 Type II · Live
Audited annually. The current report is available through our Trust Center.
ISO 27001 · Live
Certified, with an ISMS framework audited annually.
GDPR and UK GDPR · Live
DPA available on request. EU data hosted in Ireland.
Atlassian Cloud Fortified · Live
AppFox apps, including Approvals for Confluence, hold Cloud Fortified status today.
Microsoft AppSource · Listing pending
Listing in progress. Office add-ins must pass Microsoft's security, privacy and UX policies.
Data residency · EU Live
EU region in Ireland available today. US and other regions under consideration with design partners.
How we secure your data
Three pillars, built into the platform.
Approval data is sensitive by definition: drafts, sign-offs, salary letters, regulated SOPs. We treat it accordingly.
1. Authentication & access
You sign in with the identity provider you already trust: Microsoft 365, Atlassian, Google. We never own your password.
SSO via M365, Atlassian, Google identity
SCIM provisioning (on the roadmap)
Enforced 2FA at the org level
Token-based external approver access (no host license needed)
Granular RBAC: author, approver, process owner, admin
2. Document & data handling
By default we hold approval metadata. Optionally, with your permission, we cache the document content so AI features can summarise it and so approvers without access to the original can still review.
Content caching is opt-in, per approval
Data encrypted at rest (AES-256) and in transit (TLS 1.3)
Customer data isolation per organisation
Hosted on Amazon Web Services (EU region, Ireland)
3. Audit & evidence
Every action (request, comment, approval, edit, invalidation) is recorded and version-pinned. Records are append-only: nothing is rewritten after the fact.
Append-only audit log
Native platform version IDs pinned (SharePoint, Confluence)
CSV and PDF exports, including approver detail, not just counts
Post-approval edits flagged automatically
Where your data goes
What OneApproval stores, and where.
The source document lives where it always did. OneApproval stores the workflow, the decisions and the audit trail. If you turn on content caching, we also keep a copy so AI features work and so reviewers without source access can still see what they're approving.
Your document
Stays in SharePoint, OneDrive, Google Drive or Confluence. The source remains the source of truth.
Metadata always · content if you opt in
OneApproval
Workflow, sign-offs, version IDs, timestamps. Plus an optional content cache for AI summaries and access fallback.
Export
Audit record
Append-only trail, downloadable as CSV or PDF. Yours to keep.
Audit as evidence
The trail is the evidence.
Every approval generates an append-only record tied to the exact platform version that was approved. If the source document changes after sign-off, the prior approval is flagged for re-review automatically.
Who actually approved. Not just a count. Full identity and decision per approver, timestamped.
What version. SharePoint, OneDrive, and Confluence native versions pinned automatically.
What changed. Post-approval edits can optionally invalidate the prior sign-off and generate notifications.
Where to find it. Searchable, filterable, exportable in CSV or PDF, with the sign-off metadata included.
Audit-grade, not a QMS. OneApproval keeps exportable, tamper-evident records for the approvals that live outside your validated system. It isn't a replacement for Veeva, MasterControl or other Part 11 quality platforms — and we won't pretend it is.
Approval audit trail · APR-001
v.4 · SharePoint version pinned
Document: Q3 Marketing Plan.docx (SharePoint · contoso.sharepoint.com)
Version: v.4 (link) · Authored Mon 2026-07-01 · 09:14 UTC
Template: Marketing, 2-stage sign-off · Quorum: 1 of 1 per stage
Stage 1: Maya Osei · approved · Mon 2026-07-01 · 14:02 UTC · "Looks good, proceed."
Stage 2: Devin Reyes · approved · Tue 2026-07-02 · 10:31 UTC · "Signed off, let's go"
Status: Approved · 2d 4h · All stages complete
Subprocessors
Every party with access to your data, listed here.
Our DPA and the full, current subprocessor list live in our Trust Center. Below is the set as of May 2026.
Amazon Web Services · Application hosting, encrypted storage · EU-Ireland · SOC 2, ISO 27001, ISO 27017, ISO 27018
PostHog · Anonymised product analytics (no document body) · EU · SOC 2 Type II
HubSpot · CRM & customer communications · EU / US · SOC 2 Type II, GDPR
Microsoft · Identity / SSO (M365 customers) · Customer-selected region · SOC 2 Type II, ISO 27001
Atlassian · Identity / SSO (Confluence customers) · Customer-selected region · SOC 2 Type II, ISO 27001
Looking for the detail?
Our Trust Center has the live evidence — certifications, the current subprocessor list, our DPA and security documentation — kept up to date automatically.
