Updated May 2025
Enterprise procurement teams and ESG auditors often need to verify the environmental and security posture of software vendors. This page provides a clear, honest overview of how Article-4 is built and operated.
Database & authentication
Supabase on AWS eu-central-1 (Frankfurt, Germany)
All user data, training records, and certificates stored in the EU.
Application hosting
Vercel โ EU edge region (primary)
Serverless functions run in EU. Static assets served from nearest CDN node.
Transactional email
Resend Inc. โ US (Standard Contractual Clauses)
Only your email address and name are sent to Resend for delivery.
Payment processing
Stripe โ EU (Stripe Payments Europe Ltd., Dublin)
Payment card data never touches Article-4 servers. Processed entirely by Stripe.
Article-4 is a cloud-native SaaS product. We own no physical hardware. Our environmental footprint is primarily Scope 2 (purchased electricity) and Scope 3 (cloud provider upstream emissions).
Scope 1 emissions
Zero
No owned offices or hardware. Fully remote team.
Scope 2 emissions
Negligible
AWS Frankfurt runs on renewable energy (100% renewable target by 2025). Vercel uses CDN with green hosting.
Scope 3 โ cloud
Minimised
Serverless architecture โ compute only runs on request. No idle servers.
Paper reduction
Digital-first
All certificates, invoices, and compliance records are digital. Zero paper output.
Cloud provider sustainability references: AWS Sustainability ยท Vercel Climate Partner
TLS 1.2+ encryption in transit
All API calls and web traffic
AES-256 encryption at rest
Database (Supabase/AWS)
Role-based access control
Least-privilege by design
Row-level security (RLS)
Supabase RLS on all tables
Dependency scanning
GitHub Dependabot (automated)
No password storage
Supabase Auth handles credentials
Session token rotation
Automatic via Supabase Auth
Admin key isolation
Service role key never client-side
Security issues may be reported to hei@article-4.com. We aim to acknowledge within 24 hours and resolve within 7 days.
We are committed to making Article-4 accessible to all employees, including those with disabilities.
Target standard
WCAG 2.1 Level AA
Keyboard navigation
Supported throughout platform
Colour contrast
AA compliant on all text
Screen reader support
Semantic HTML, ARIA labels
Language
Norwegian (Bokmรฅl) + English
To report an accessibility issue, email hei@article-4.com.
| Data type | Retention period | Legal basis |
|---|---|---|
| Account & profile data | Active subscription + 30 days | Contract performance |
| Training records & certificates | 7 years | Audit requirement (CSRD/ESRS S1) |
| Invoice records | 5 years | Norwegian Bookkeeping Act |
| Email logs | 90 days | Security / debugging |
| Technical logs (IP, session) | 90 days | Security monitoring |
For customers conducting CSRD sustainability reporting, Article-4 can serve as verifiable evidence for ESRS S1 (own workforce โ training and skills development).
What Article-4 covers for your CSRD report
Policies related to own workforce โ AI literacy policy evidence
Taking action on material impacts โ documented training completion
Training and skills development โ hours, completion rates, scores
Business conduct โ compliance training as governance evidence
Export your evidence log from /app/evidenceโ "Export for audit" to get a structured CSV ready for your sustainability auditor.
99.5%
Target uptime
Excl. planned maintenance
2 days
Support response
Via hei@article-4.com
24 hours
Maintenance notice
Via email to admin users