Security
Last updated: 2026-06-23
This page describes the technical and organisational measures Annexo actually uses to protect your data. We list what we do, not what we aspire to. Where we don’t yet hold a formal certification, we say so plainly — see What we don’t claim below.
The customer agent key is never persisted
The core invariant of the verification console: when you point Annexo at your own AI agent endpoint, the API key you provide is held in memory for that single request only and is never written to disk, to the database, or to logs. It is enforced in three places — the store layer, the API routes, and the public serialisation of an agent — and a request that asks for the key to be stored is rejected. Verification probes run live against your endpoint; only the observed results are kept.
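The three enforcement points described above, as an added illustration in Node.js that is not Annexo's code: the field names, the `persistKey` flag, the store shape and the probe callback are assumptions. The serialiser allowlists fields rather than deleting known-bad ones, the store refuses any record carrying a secret-looking field at any depth, and the route keeps the key in its own scope for the single request and scrubs it from the observed result before anything is kept.

```javascript
// Added example of the "never persisted" invariant. Not Annexo's code: field names,
// the store shape and the probe function are assumptions.
const SECRET_FIELDS = new Set(["apikey", "api_key", "secret", "token", "authorization"]);

// Walk a record and return the dotted path of the first secret-looking field, or null.
function findSecretField(value, path = "") {
  if (!value || typeof value !== "object") return null;
  for (const [k, v] of Object.entries(value)) {
    const here = path ? `${path}.${k}` : k;
    if (SECRET_FIELDS.has(k.toLowerCase())) return here;
    const nested = findSecretField(v, here);
    if (nested) return nested;
  }
  return null;
}

// Store layer: refuse to persist any record that carries a secret-looking field.
// `store` is a Map standing in for the real key-value store.
function putAgent(store, agent) {
  const hit = findSecretField(agent);
  if (hit) throw new Error(`refusing to persist secret field "${hit}"`);
  store.set(agent.id, JSON.parse(JSON.stringify(agent)));
  return agent.id;
}

// Public serialisation: allowlist what leaves the server instead of deleting known-bad
// keys, so a renamed or nested secret field can never slip through.
const PUBLIC_FIELDS = ["id", "name", "endpoint", "lastProbe"];
function toPublicAgent(agent) {
  return Object.fromEntries(PUBLIC_FIELDS.filter((f) => f in agent).map((f) => [f, agent[f]]));
}

// Replace any occurrence of the key in probe output so it cannot be echoed back.
// The needle is JSON-escaped the same way as the haystack, so keys containing
// quotes or backslashes are still caught.
function redact(value, secret) {
  const needle = JSON.stringify(secret).slice(1, -1);
  return JSON.parse(JSON.stringify(value).split(needle).join("[redacted]"));
}

// API route: the key exists in this function's scope for one request and nowhere else.
// `probe(endpoint, apiKey)` stands in for the live HTTP probe and returns observed results.
function registerAndProbe(store, body, probe) {
  if (body.persistKey) return { status: 400, error: "keys are never stored" };
  const { apiKey, ...agent } = body;
  if (!apiKey) return { status: 400, error: "apiKey required for a live probe" };
  const observed = redact(probe(agent.endpoint, apiKey), apiKey);
  const record = { ...agent, lastProbe: observed };
  putAgent(store, record);
  return { status: 201, agent: toPublicAgent(record) };
}

// Constructed demo input; the fake probe deliberately echoes the key to show redaction.
const demoStore = new Map();
const demoProbe = (endpoint, key) => ({ endpoint, status: 200, echo: `Bearer ${key}` });
console.log(JSON.stringify(registerAndProbe(demoStore,
  { id: "a1", name: "demo", endpoint: "https://agent.example/run", apiKey: "sk-live-abc" },
  demoProbe)));
```

The store-layer check is the backstop: even if a future route forgets to strip the key, a record carrying one never reaches the database.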
Data in transit
All traffic to and from annexo.eu is served exclusively over HTTPS (TLS). We send an HTTP Strict-Transport-Security (HSTS) header so browsers refuse to connect over plain HTTP after the first visit. Connections between our application and its sub-processors are likewise encrypted in transit.
Data at rest & residency
Application compute is pinned to the EU region (Frankfurt, fra1). The Fleet platform’s durable records (registered-agent metadata and monitoring state) live in a managed Redis store (Upstash) pinned to an EU region. We do not run advertising or profiling databases. We never store the customer agent keys described above.
Platform access control
- The real Fleet platform and its API are gated behind a session cookie (annx_session). An unauthenticated page request is redirected to the public access gateway; an unauthenticated API request gets a 401.
- The session cookie is compared in constant time, so the session secret cannot be probed a byte at a time by timing the gate. The access key and the session secret are two separate server secrets by design.
- The marketing site, the demos and the value pages stay public; only the platform is gated.
Application hardening
- A global Content-Security-Policy, HSTS and a set of standard security headers (frame, content-type and referrer protections, plus a restrictive Permissions-Policy) are applied to every response.
- The live verification engine that fetches the endpoints you submit is SSRF-guarded: it allows only http/https, re-resolves DNS and re-validates the resolved IP, and blocks localhost and private, link-local and reserved address ranges, so it can’t be pointed at internal infrastructure. It also guards against echoing secrets back.
- Long-running engine routes carry explicit per-route execution limits, and the monitoring cron is gated by a constant-time-checked secret.
Secrets management
All credentials — the store token, session and cron secrets, the email API key and the LLM key — are supplied to the application only as environment variables managed by our host. No secret is ever committed to the source repository, printed to logs, or exposed in the browser bundle. Staged changes are scanned for credential-looking patterns before commit.
Hosting & sub-processors
The application is hosted on Vercel with compute pinned to the EU region (Frankfurt, fra1); the Fleet store runs on Upstash in an EU region. Some sub-processors (e.g. Resend, OpenAI) operate in the United States; those transfers rely on EU Standard Contractual Clauses and, where certified, the EU–US Data Privacy Framework. The full list is on our sub-processors page and in our Privacy Policy.
Data deletion
You can ask us to delete your data at any time and we will do so within a reasonable period, except records we are legally required to keep. To request deletion, contact us at the address in our Impressum.
What we don’t claim
Annexo is an independent, founder-run product. We do not currently hold a SOC 2 report, ISO 27001 certification, or any other formal third-party audit, and we will not imply that we do. Instead we publish, on this page, the specific measures that are genuinely in place — and we’ll update it as the security programme matures rather than backdating claims. The same honesty applies to how we describe what Annexo does: every verification result is observed behaviour at the time of testing, never a certification or guarantee.
Reporting a vulnerability
If you believe you’ve found a security issue, please email us via the contact address in our Impressum with the word “security” in the subject. We welcome good-faith reports and will work with you on a responsible disclosure timeline.
Breach handling
In the event of a personal-data breach that is likely to result in a risk to your rights, we will notify the competent supervisory authority and affected users without undue delay, in line with our obligations under Articles 33 and 34 GDPR.