Security & Trust
Don't trust us — verify it.
Community runs entirely in your browser: no XpertApps backend, no telemetry, ServiceNow pages only. Team and Enterprise add SSO, audit, and Claude in your own cloud. Verify every claim below yourself.
Trust You Can Check, Not Take on Faith
Every claim on this page is independently verifiable
0
Data Collected
No backend, no telemetry — declared No data collected on the Chrome Web Store.
100%
Inspectable
Community ships unminified with per-file SHA-256 checksums.
3-day
Disclosure SLA
Vulnerabilities acknowledged within 3 business days.
Verify Each Claim Yourself
Community Edition ships unminified — inspect the shipped bytes yourself
No Data Collected
Zero Telemetry
No analytics, no fingerprinting, no XpertApps backend. It declares 'No data collected' on the Chrome Web Store — and a CI privacy gate fails the build on any telemetry or non-approved egress.
BYO-Claude Egress
You Control the Endpoint
Community calls your own Anthropic account directly, under your key. We never proxy or resell your traffic.
Least-Privilege Permissions
Only What It Needs
Community requests only storage and activeTab (plus a gesture-scoped scripting call) — no tabs, cookies, all-urls, or remote code.
Key Held in Memory Only
AES-GCM, Never on Disk
Your Anthropic key is AES-GCM encrypted in memory-only session storage — never written to disk, never handed to the page, cleared when the browser closes.
On-Device PII Redaction
Redacted Before It Leaves
Instance data is redacted in your browser before anything is sent; the reversible map stays on-device and never egresses.
Reproducible Build
Bytes Match the Source
Community ships unminified with published per-file SHA-256 checksums — confirm the Web Store build equals the source yourself, no backend involved.
How Your Data Flows
Only where you send it — never through us
Community — Serverless & BYOK
Your browser talks to two places, both yours: your Anthropic account (your key) and your ServiceNow instance (your session, approval-gated writes). XpertApps isn't in the path — nothing to opt out of.
Team — Your Gateway or Cloud
Claude runs through your org's AI gateway, Amazon Bedrock, or Google Vertex — no one pastes a personal key. The Hub adds accounts, seats, SSO and a central audit record.
Enterprise — In Your Own Cloud
Run Claude on your own Bedrock or Vertex inside your VPC, with data-residency controls — instance data and Claude usage never leave your infrastructure. Self-host and private deployment available.
Least-Privilege by Design
In plain terms: it runs only on your ServiceNow instance pages, keeps your key on your device, and talks only to Anthropic under your key. The specifics, for your security team:
Requested, and Why
- check_circle
storage— hold your encrypted key & non-secret UI state (device-local, no sync) - check_circle
activeTab— label the ServiceNow instance you’re on; scope write mode to it - check_circle
scripting— inject the “What’s redacted” editor only on your click, on the active tab - check_circle
api.anthropic.com— direct calls to your Anthropic account under your key (Community) - check_circleContent scripts on
*.service-now.cominstance pages only — ServiceNow’s sign-in/portal/support sites excluded
Never Requested
- blockNo
cookiesor broadtabs— can’t read your logins or see your other tabs - blockNo
<all-urls>or wildcard hosts — blind to every site except ServiceNow instance pages - blockNo remotely-hosted code — every line ships in the reviewed package (strict MV3 CSP)
- blockNo
chrome.storage.syncormanaged— data never leaves your device; the only calls are yours to Anthropic - blockNo analytics, telemetry, or backend — we run no server that sees your data
Procurement & Compliance
What your security and legal teams need — stated honestly
DPA & BAA
A DPA is available on request; a BAA for Enterprise. Community is serverless and accountless, so XpertApps isn't a data processor — your data goes only to your own Anthropic account and ServiceNow instance.
SOC 2 — In Progress
SOC 2 Type II is in progress — not yet certified. We state it as a roadmap item, never as a current attestation.
Source Access Under NDA
Enterprise security teams can read the source under NDA: a named owner (the XpertApps Engineer maintainer at Quodroid), acknowledged within 3 business days. Community stays independently inspectable via its unminified build regardless.
Responsible Disclosure
Report vulnerabilities privately to security@xpertappdev.com — acknowledged within 3 business days, coordinated disclosure, and good-faith safe harbor.
Common Questions
Do you collect any of my data?
No. The Community Edition has no backend and no telemetry — it declares “No data collected” on the Chrome Web Store, enforced by a CI privacy gate. XpertApps receives none of your data.
Where does my data actually go?
Only where you send it: your own Anthropic account (or, on Team and Enterprise, your org’s gateway, Bedrock, or Vertex) and your own ServiceNow instance. We never proxy, store, or resell it.
Can our security team read the code?
Yes — under NDA, with a named owner and a 3-business-day acknowledgement. And because Community ships unminified with published checksums, you can verify the shipped bytes against the source yourself.
Are you SOC 2 certified?
Not yet — SOC 2 Type II is in progress and on the roadmap. We’ll never claim an attestation we don’t hold.
Do you proxy or mark up our Claude usage?
No. You bring your own Claude and pay your provider directly; we charge a flat per-seat fee. There is no token markup and no XpertApps-hosted “managed Claude” in the path (the optional Managed Claude add-on is the one clearly-labelled exception).
Bring Your Security Team
Got a questionnaire, review, or data-flow question? We'll walk your security team through exactly how it works.
Talk to Our Security Team
check_circleNo data collected
check_circleVerify it yourself
check_circleSource access under NDA
check_circleSOC 2 in progress