Technical and Organizational Security Measures

Information Security Management System (ISMS)

Appetize.io maintains a formal security program in accordance with industry standards (ISO 27001 and SOC2 Type I) designed to ensure the confidentiality, integrity, and availability of the Appetize.io Software and all processing of Licensee data.

If you are an interested party and would like to know more about our information security management system, please reach out to security@appetize.io. Click here to download our ISO 27001-2013 Certificate. If you would like to receive our SOC2 Certificate, please contact sales@appetize.io.

Summary

Third-party penetration tests and ISO 27001 certification audits are conducted annually, and reports are available upon request.

Subprocessors and other third parties with access to Licensee data are reviewed during initial onboarding and annually thereafter to ensure compliance with the Appetize.io ISMS policies.

System and application logs are stored centrally, and protected against unauthorized access, modification, and deletion. Logs are monitored regularly for software issues, unauthorized access, and other anomalies.

All Licensee data is encrypted both at rest and in transit using AES-256 or stronger and TLS 1.2+.

The Appetize.io Software and all systems storing or processing Licensee data are scanned regularly for security patches, vulnerabilities, and malware.

User sessions are sandboxed from other users, and your data will not be accessed by third parties.

All user data generated in the virtual device during a user session is cleared at the end of each session (like a factory reset), and simulator user device logs are wiped.

Keyboard/mouse commands and screen frames are never saved unless explicitly requested.

Access control lists and firewall rules are designed to grant minimal necessary permissions.

Uploaded binaries are held privately and securely, and are encrypted at rest.

Each session receives a unique token, usable only once to start a session.

All data transfer is SSL-encrypted and configured to follow industry best practices.

Emails from our system are DKIM signed.

We regularly monitor for potential security vulnerabilities and immediately remediate any material security vulnerabilities discovered.