Trust & security
Compliance was our first feature.
EU-hosted. GDPR compliant. Designed for organizations with employee representation and data protection officers. Every data handling decision documented and verifiable.
Principles
Three principles that govern every data decision.
Diagnose the organization, not the individual
Applied Integral produces organizational intelligence. Pulse survey data is aggregated. Organizational network analysis works on communication metadata, not content. The output is a picture of how the organization works, not a profile of how any one person performs.
Anonymization by design
Pulse survey responses are stripped of identifying information before they reach any dashboard. Minimum aggregation thresholds prevent identification through small group sizes. Results for groups below six people are suppressed entirely.
European data protection at the foundation
GDPR compliant. Hosted in the EU. Built for organizations that take co-determination seriously. Built on European data protection requirements from the start.
Data handling
What we collect, how it's handled, and who sees it.
Different data types have different identifiability levels. This table documents exactly how each type is handled.
| Data type | What it measures | Individual-level? | Who sees results |
|---|---|---|---|
| Change Lens | Individual change readiness and preferences | Yes — a personal report for each participant | Each participant sees their own report. The team owner (who created the team) sees all results, and decides whether individual results feed the team aggregate or are shown to other members. |
| Org Challenge Locator | Organizational friction points as experienced by the individual | Yes — a personal diagnostic for each participant | Each participant sees their own diagnostic. The team owner sees all results, and decides whether individual results feed the team aggregate or are shown to other members. |
| Maturity Atlas | Organizational maturity across multiple dimensions | Yes — a personal assessment for each participant | Each participant sees their own results. The team owner sees all results, and decides whether individual results feed the team aggregate or are shown to other members. |
| Pulse Surveys | Weekly organizational sensing across four dimensions | No — responses are anonymized before aggregation | Team and organizational-level aggregates only. No individual responses visible to anyone. |
| ONA (Network Analysis) | Communication and collaboration patterns | No — aggregated metadata analysis | Team and department-level patterns only. No individual communication data visible. |
| KPI Integration | Operational performance indicators | N/A — organizational data, not employee data | As configured by the organization. |
Individual change readiness and preferences
Yes — a personal report for each participant
Each participant sees their own report. The team owner (who created the team) sees all results, and decides whether individual results feed the team aggregate or are shown to other members.
Organizational friction points as experienced by the individual
Yes — a personal diagnostic for each participant
Each participant sees their own diagnostic. The team owner sees all results, and decides whether individual results feed the team aggregate or are shown to other members.
Organizational maturity across multiple dimensions
Yes — a personal assessment for each participant
Each participant sees their own results. The team owner sees all results, and decides whether individual results feed the team aggregate or are shown to other members.
Weekly organizational sensing across four dimensions
No — responses are anonymized before aggregation
Team and organizational-level aggregates only. No individual responses visible to anyone.
Communication and collaboration patterns
No — aggregated metadata analysis
Team and department-level patterns only. No individual communication data visible.
Operational performance indicators
N/A — organizational data, not employee data
As configured by the organization.
Anonymization
How anonymization works. Specifically.
Minimum aggregation threshold
Pulse survey data is only displayed when a group contains at least six respondents. This threshold applies to every level of reporting: team, department, business unit.
What happens below the threshold
If a team has fewer than six pulse survey respondents in a given period, results for that group are suppressed. They are not displayed, not accessible through filters, and not available through the API. The data is included only in higher-level aggregates where the threshold is met.
How anonymization works technically
Pulse survey responses are separated from respondent identity at the point of collection. The aggregation engine processes responses without access to identifying information. No path exists in the system to connect an aggregated response back to an individual.
Organizational network analysis methodology
ONA analyzes metadata from communication tools: frequency, directionality, response patterns between teams. It does not read message content, email bodies, chat messages, or file contents. ONA output is aggregated to team and department level. No individual communication profiles are generated or stored.
No individual performance scoring
Applied Integral does not score, rank, or benchmark individual employees against each other. There is no individual performance rating, no comparative ranking, and no mechanism for managers to evaluate individuals through Applied Integral’s organizational data.
No path exists in the system to connect an aggregated response back to an individual.
Co-determination
Built for organizations with employee representation.
Most SaaS platforms treat employee representation requirements as an afterthought, something to address in a legal addendum. Applied Integral is designed for co-determination from the ground up.
The principle
Where employees have statutory representation rights over workplace monitoring and data collection, Applied Integral respects those rights fully. Employee representatives can review the methodology, the data handling, and the platform configuration before and during use. Applied Integral provides template agreements as a starting point for each jurisdiction.
Template agreements by jurisdiction
Applied Integral provides jurisdiction-specific documentation so employee representatives can review and adapt agreements for their legal framework.
Germany (Betriebsvereinbarung)
Template works agreement under BetrVG. Covers data collection scope, processing purposes, access controls, retention, and deletion. Designed for co-determination under Section 87(1) No. 6. The template is a starting point for the works council to review and adapt.
Austria (Betriebsvereinbarung)
Template agreement under the Arbeitsverfassungsgesetz (ArbVG). Covers the same scope, adapted for Austrian co-determination requirements.
France (Accord d'entreprise / CSE consultation)
Documentation for Comité Social et Économique consultation on employee data collection tools, covering scope, methodology, and access controls.
Other jurisdictions
Applied Integral provides equivalent documentation adapted to your jurisdiction’s employee representation framework.
Voluntary participation
Participation in pulse surveys and assessments is voluntary. Applied Integral does not include mechanisms for tracking individual participation or applying pressure to respond.
Employee representative access
Employee representatives (works councils, staff committees, or equivalent bodies) can review the anonymization methodology, aggregation logic, data handling procedures, and platform configuration at any time. Applied Integral supports granting representative bodies read access to system documentation and data processing records.
Not a performance evaluation tool
Applied Integral will not be used for individual performance evaluation, and the platform does not produce outputs that could serve this purpose. Pulse survey data is anonymous. ONA data is aggregated. Individual assessments produce personal development reports for the individual, not evaluation material for management.
Infrastructure
Where your data lives and how it's protected.
GDPR
GDPR compliance in detail.
Legal basis for processing
Applied Integral processes organizational data on the basis of legitimate interest (Article 6(1)(f) GDPR) and contract performance (Article 6(1)(b) GDPR). The specific legal basis depends on the data type and processing purpose, documented in the data processing agreement.
Data minimization
Applied Integral collects what is needed for organizational diagnosis. Pulse surveys collect responses to organizational questions, not personal information beyond what's required for group-level aggregation. ONA processes communication metadata, not content. Individual assessments collect responses relevant to the assessment purpose.
Data subject rights
Individuals have the right to access their personal data held by Applied Integral, request rectification of inaccurate data, request deletion of their data, and request data portability in a machine-readable format. Requests are processed through the organization’s Applied Integral administrator or directly through Applied Integral’s data protection contact.
Data retention
Data is retained for the duration of the customer contract. Upon contract termination, all customer data is deleted within 90 days. Individual data subject deletion requests are processed within 30 days.
Data portability
Organizations can export their data in standard formats at any time during the contract period.
Data processing agreement
The DPA covers everything you'd expect. And a few things you wouldn't.
A standard Data Processing Agreement is available for review and signing before onboarding begins. No data processing starts without a signed DPA. Compliant with GDPR Article 28 requirements.
Questions
Common questions from DPOs, legal counsel, and employee representatives.
Questions about data protection?
If you need additional detail for your DPO, legal team, or employee representatives, we're happy to walk through the specifics.