Design-Partner Programme — founding teams get founder pricing & help shape the roadmap. Book a demo →
Book a Call

Security & Trust

Don't trust us — verify it.

Community runs entirely in your browser: no XpertApps backend, no telemetry, ServiceNow pages only. Team and Enterprise add SSO, audit, and Claude in your own cloud. Verify every claim below yourself.

Trust You Can Check, Not Take on Faith

Every claim on this page is independently verifiable

0

Data Collected

No backend, no telemetry — declared No data collected on the Chrome Web Store.

100%

Inspectable

Community ships unminified with per-file SHA-256 checksums.

3-day

Disclosure SLA

Vulnerabilities acknowledged within 3 business days.

Verify Each Claim Yourself

Community Edition ships unminified — inspect the shipped bytes yourself

block

No Data Collected

Zero Telemetry

No analytics, no fingerprinting, no XpertApps backend. It declares 'No data collected' on the Chrome Web Store — and a CI privacy gate fails the build on any telemetry or non-approved egress.

block
lan

BYO-Claude Egress

You Control the Endpoint

Community calls your own Anthropic account directly, under your key. We never proxy or resell your traffic.

lan
shield

Least-Privilege Permissions

Only What It Needs

Community requests only storage and activeTab (plus a gesture-scoped scripting call) — no tabs, cookies, all-urls, or remote code.

shield
vpn_key

Key Held in Memory Only

AES-GCM, Never on Disk

Your Anthropic key is AES-GCM encrypted in memory-only session storage — never written to disk, never handed to the page, cleared when the browser closes.

vpn_key
visibility_off

On-Device PII Redaction

Redacted Before It Leaves

Instance data is redacted in your browser before anything is sent; the reversible map stays on-device and never egresses.

visibility_off
verified

Reproducible Build

Bytes Match the Source

Community ships unminified with published per-file SHA-256 checksums — confirm the Web Store build equals the source yourself, no backend involved.

verified

How Your Data Flows

Only where you send it — never through us

person

Community — Serverless & BYOK

Your browser talks to two places, both yours: your Anthropic account (your key) and your ServiceNow instance (your session, approval-gated writes). XpertApps isn't in the path — nothing to opt out of.

groups

Team — Your Gateway or Cloud

Claude runs through your org's AI gateway, Amazon Bedrock, or Google Vertex — no one pastes a personal key. The Hub adds accounts, seats, SSO and a central audit record.

verified_user

Enterprise — In Your Own Cloud

Run Claude on your own Bedrock or Vertex inside your VPC, with data-residency controls — instance data and Claude usage never leave your infrastructure. Self-host and private deployment available.

Least-Privilege by Design

In plain terms: it runs only on your ServiceNow instance pages, keeps your key on your device, and talks only to Anthropic under your key. The specifics, for your security team:

Requested, and Why

  • check_circlestorage — hold your encrypted key & non-secret UI state (device-local, no sync)
  • check_circleactiveTab — label the ServiceNow instance you’re on; scope write mode to it
  • check_circlescripting — inject the “What’s redacted” editor only on your click, on the active tab
  • check_circleapi.anthropic.com — direct calls to your Anthropic account under your key (Community)
  • check_circleContent scripts on *.service-now.com instance pages only — ServiceNow’s sign-in/portal/support sites excluded

Never Requested

  • blockNo cookies or broad tabs — can’t read your logins or see your other tabs
  • blockNo <all-urls> or wildcard hosts — blind to every site except ServiceNow instance pages
  • blockNo remotely-hosted code — every line ships in the reviewed package (strict MV3 CSP)
  • blockNo chrome.storage.sync or managed — data never leaves your device; the only calls are yours to Anthropic
  • blockNo analytics, telemetry, or backend — we run no server that sees your data

Procurement & Compliance

What your security and legal teams need — stated honestly

description

DPA & BAA

A DPA is available on request; a BAA for Enterprise. Community is serverless and accountless, so XpertApps isn't a data processor — your data goes only to your own Anthropic account and ServiceNow instance.

workspace_premium

SOC 2 — In Progress

SOC 2 Type II is in progress — not yet certified. We state it as a roadmap item, never as a current attestation.

policy

Source Access Under NDA

Enterprise security teams can read the source under NDA: a named owner (the XpertApps Engineer maintainer at Quodroid), acknowledged within 3 business days. Community stays independently inspectable via its unminified build regardless.

bug_report

Responsible Disclosure

Report vulnerabilities privately to security@xpertappdev.com — acknowledged within 3 business days, coordinated disclosure, and good-faith safe harbor.

Common Questions

Do you collect any of my data?

No. The Community Edition has no backend and no telemetry — it declares “No data collected” on the Chrome Web Store, enforced by a CI privacy gate. XpertApps receives none of your data.

Where does my data actually go?

Only where you send it: your own Anthropic account (or, on Team and Enterprise, your org’s gateway, Bedrock, or Vertex) and your own ServiceNow instance. We never proxy, store, or resell it.

Can our security team read the code?

Yes — under NDA, with a named owner and a 3-business-day acknowledgement. And because Community ships unminified with published checksums, you can verify the shipped bytes against the source yourself.

Are you SOC 2 certified?

Not yet — SOC 2 Type II is in progress and on the roadmap. We’ll never claim an attestation we don’t hold.

Do you proxy or mark up our Claude usage?

No. You bring your own Claude and pay your provider directly; we charge a flat per-seat fee. There is no token markup and no XpertApps-hosted “managed Claude” in the path (the optional Managed Claude add-on is the one clearly-labelled exception).

Bring Your Security Team

Got a questionnaire, review, or data-flow question? We'll walk your security team through exactly how it works.

Talk to Our Security Team

check_circleNo data collected
check_circleVerify it yourself
check_circleSource access under NDA
check_circleSOC 2 in progress