Data encryption in transit
- Data transfers between users and the Aptible platform are secured using industry-standard encryption methods.
Data encryption at rest
- Data within the Aptible production databases is encrypted at rest.
SAML 2.0 SSO
- Aptible supports the industry-standard SAML 2.0 protocol for authentication using an external identity provider.
Two-factor authentication (2FA)
- Aptible supports 2FA with Time-based One-Time Passwords (e.g., Google Authenticator) and with hardware tokens (e.g., YubiKey).
- We complete risk assessments to gain an accurate and thorough understanding of the potential risks to and vulnerabilities of the security, availability, and confidentiality of our products and services.
- We engage with trusted third parties to complete network and application vulnerability scans at least annually.
- Aptible performs internal vulnerability scans monthly to identify, prioritize, and remediate potential system vulnerabilities.
Vendor Management Program
- Aptible has implemented vendor management policies and procedures to ensure protection of assets and data that are accessible by vendors, and to establish standards for information security and service delivery from vendors.
- Aptible conducts background checks on all applicants selected for full-time employment.
- All Aptillians receive security awareness training and all employees are required to complete the training annually.
- We have documented and implemented a business continuity plan that we activate and follow in the event of disruptions.
- We back up all production data, and all backups are geo-replicated within the same judicial data boundary.
- We test our business continuity plan at least annually using different real world scenarios.
- We monitor Comply and Deploy so that we can understand and maintain the stability and availability of our environment.
Aptible currently maintains the following industry standard certifications:
Aptible has established a Legal team and internal processes to comply with the following regulations:
Data Transfers from the EU to the US
- The core Aptible Deploy and Aptible Comply APIs are hosted in the United States. You may choose to run Deploy stacks in non-U.S. regions, such as the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law. Please note that when you use the core Deploy and Comply APIs, you are transferring your information outside of those regions to the United States for storage and processing. If there is an issue with anyone in the US having access to your Deploy resources, please reach out to our team to learn more about our Deploy Bring Your Own (BYO) AWS model.
Deploy customers currently run dedicated stacks in the following Amazon Web Services (AWS) Regions:
- US-East-1 (N. Virginia)
- US-East-2 (Ohio)
- US-West-1 (N. California)
- US-West-2 (Oregon)
- AP-South-1 (Mumbai)
- AP-Southeast-2 (Sydney)
- CA-Central-1 (Central Canada)
- EU-Central-1 (Frankfurt)
- EU-West-1 (Ireland)
- EU-West-2 (London)
- The Comply platform application programming interfaces (APIs) run in the AWS US East (N. Virginia) Region.
Data Protection Agreement
- We will enter into a Data Protection Agreement that specifically outlines how and when data will be transferred from the EU to the US.
- We retain your personal information only as long as necessary to accomplish the business purpose for which it was collected or to comply with our legal and contractual obligations, plus 1 year, and then securely dispose of that information.
- Aptible shares information with service providers and other third parties who perform services on our behalf. This page provides a list of vendors with whom we share personal information and describes where each is located and what services these vendors provide for us.
Data Deletion Requests
- Upon request, we will delete information that we have collected about you. To exercise this option, or for additional information about our privacy and data security practices, please visit our Privacy Statement or contact us at email@example.com.
Bug Bounty Program
- We are dedicated to maintaining the security and privacy of the Aptible services and customer data. We welcome security researchers from the community who want to help us improve our products and services. If you discover a security vulnerability, please give us the chance to fix it by emailing us at firstname.lastname@example.org. Publicly disclosing a security vulnerability without informing us first puts the rest of the community at risk. When you notify us of a potential problem, we will work with you to make sure we understand the scope and cause of the issue. Thank you for your work and interest in making the community safer and more secure!
- Please see the full details and scope of our Bounty Program here.