Platform Security & Compliance Standards | Data Encryption & Storage
We go beyond the security and compliance standards you’d expect
We take security very seriously
Our team take considerable measures to maintain the trust of our customers, including (but not limited to):
Regional Data Storage
Appspace is designed to work on regional storage, keeping customer data close to (their) home.
Redundant Storage
Customer data is backed up at least every fours in the event it something needs to be recovered.
Automatic Failover
In the event of failure, standby services can step in with minimal interruption to the customer.
Disaster Recovery Plan
Our plans are regularly tested and improved to ensure the lowest impact to customers.
Company-Wide Training
We conduct regular third-party training for all employees on security threat awareness.
HSTS Preloaded
Inclusion in Google's strict program for sites that are hardcoded as being HTTPS only.
Data Encryption
All customer data is encrypted with TLS 1.2+ when in transit and AES256 when at rest.
Biometric Security
Physical access to data centers housing Appspace services and data require multi-level verification.
Physical Security
Data centers housing Appspace services and data are monitored 24/7/365 by security personnel.
CCTV Monitoring
Data centers housing Appspace services and data are monitored 24/7/365 by CCTV surveillance.
Earthquake-Proof Facilities
Data centers housing Appspace services and data are protected from severe natural disasters.
Background Checks
All employees go through background checks to mitigiate potential risks.
Authorized Only
All support team access is restricted for maintenance and troubleshooting purposes.
Privileged Access
Top-level administrators require an additional set of authentication using a one-time password.
Multi-Level Tokens
We implement session, access, and refresh tokens in multiple areas of the Appspace platform.
Continuous Access Logging
All support team activity is logged and recorded to mitigate potential risks.
Software Security Testing
We run regular internal & third-party penetration testing of Appspace services for known vulnerabilities.
Network Testing
We run regular internal & third-party penetration testing of Appspace infrastructure for known vulnerabilities.
External Audits & Tools
Continuous cycle of testing and improvement using dedicated tools and independent auditors.
Dedicated CloudOps Team
Experts focused on continuous performance, operations, and security improvements.
Built to Scale
Infrastructure and operational controls designed to transparently grow well beyond your needs.
We expect big things from our partners
We hold our service providers to very high standards. Data centers, co-location, and managed service providers undergo regular SOC1, SOC2 and/or ISO 27001 audits to verify their practices.
Frequent audits
Troubleshooting teams
Regular security tests
Industry compliance
FAQs
We get asked a lot of questions, so we've pulled them together to make it easier for you to find the answers you need. This page is updated regularly, so be sure to check back for updates.
ISO27001 - The Appspace Security Team has modeled our internal security policies on the ISO27001 Certification. Certain aspects of the certification do not apply to our customer’s needs, but we are working on expanding the scope of the certification of our product and cloud services portfolio.
We have put a lot of work into implementing controls that help us meet our customer’s needs and can adjust quickly to the realities and challenges of delivering a SaaS platform. We include the controls found in external regulatory requirements and industry standards.
Appspace uses TLS to protect information while in transit across the Internet. We have implemented TLS1.2 and higher to support 256bit and higher encryption, further supporting data protection.
All database and content backups for the Appspace platform occur at least every four hours, and backups are retained for no less than three months. All backup data is encrypted.
Yes, Appspace cloud-based systems only use TLS, for communication. In addition, and in line with Industry standards, we have removed support for SSL 3.
Passwords are stored in a one-way hash within the Appspace platform.
ISO27001 - The Appspace Security Team has modeled our internal security policies on the ISO27001 Certification. Certain aspects of the certification do not apply to our customer’s needs, but we are working on expanding the scope of the certification of our product and cloud services portfolio.
We have put a lot of work into implementing controls that help us meet our customer’s needs and can adjust quickly to the realities and challenges of delivering a SaaS platform. We include the controls found in external regulatory requirements and industry standards.
Appspace uses TLS to protect information while in transit across the Internet. We have implemented TLS1.2 and higher to support 256bit and higher encryption, further supporting data protection.
All database and content backups for the Appspace platform occur at least every four hours, and backups are retained for no less than three months. All backup data is encrypted.
Yes, Appspace cloud-based systems only use TLS, for communication. In addition, and in line with Industry standards, we have removed support for SSL 3.