Apirocket is built to scale, to comply with regulations, and to be secure.
In this document we describe the main security choices we have made and our main security policies.
Apirocket delivers on enterprise expectations, enabling teams to successfully take digital projects to market globally.
Our application runs in data centers that comply with the most widely recognised industry standards:
Data centers provide 24/7 security guard services, intrusion detection systems and stringent policies for personnel access. Only the minimum number of people are allowed into the data centers, and their actions are routinely audited.
All the data centers also have backup batteries and generators to supply power in case of a blackout.
The risk of fire is reduced by automatic fire detection and suppression equipment.
All our servers are located in the USA and Europe (Ireland, the UK, the Netherlands, Spain and Germany).
Our infrastructure is designed to be highly reliable and easy to reproduce. We rely on AWS Lambda, which means we can reprovision our entire application in a single deploy.
In case of an incident, our engineering team is notified automatically so that they can act as soon as possible.
We collect status metrics from our servers and from third parties, which gives us good visibility into the current status of our CDN. We publish a public report on our status page.
Our network is globally distributed. We use multiple layers of caching so that our origin servers handle as few requests as possible, which reduces the risk of downtime if a server has issues.
Our server and service infrastructure is protected by firewalls that only let traffic through on explicitly allowed ports and protocols.
Your content is delivered quickly to users anywhere in the world thanks to global mid-tier CDN caching and Origin Shield.
Our global CDN provides DDoS mitigation, spreading the load across the globe to minimise the impact of such attacks.
Every connection to our service, and every connection between our services, is encrypted with TLS. This protects traffic in transit against eavesdropping and tampering.
We enforce network rate limits to prevent malicious actors from degrading performance for other accounts and to keep performance good for everyone.
Service availability and performance are monitored by our support engineers 24/7. We offer a service level agreement with an uptime of 99.9%.
Read more about the security policies of the infrastructure providers that we use: Amazon AWS, Cloudflare, Netlify, Heroku, Google Cloud Platform and Imgix.
We rely on several third parties for various parts of the application. In every case we grant them access only to the minimal set of information they need, and we use a unique access token for each of them, limiting the impact if one of those systems is compromised.
We make sure that every third party we use is as careful about security as we are.
All data is encrypted in transit with TLS, both internally between services and externally on the way to users.
Our database is encrypted at rest. We retain database backups for up to a week.
If you delete your project, we delete all its data from the live database immediately, but copies remain in our backups, which are not accessible from the live system, until those backups expire.
To process payments we use Stripe, which is PCI DSS compliant for encrypting and processing credit card payments. We never handle credit card details directly.
Our team is trained to be careful about their own personal security: two-factor authentication, restricted access to the production environment, strong passwords, encrypted disks, and a password manager to create and store those passwords.