Appetize maintains a formal security program in accordance with industry standards (ISO 27001 and SOC 2) designed to ensure the confidentiality, integrity, and availability of the Appetize Software and all processing of customer data.
Appetize is SOC 2 Type 2 compliant. We engage a certified third-party auditor at least annually to ensure our continued compliance. To request our SOC 2 Type 2 report, please submit a request through our security form.
Appetize has a Cloud Security Alliance Consensus Assessments Initiative Questionnaire (CAIQ) of over 260 cloud service provider controls against 17 domains. To request our CAIQ, please submit a request through our security form.
Appetize’s policies and practices comply with applicable data protection regulations and laws, including the GDPR and CCPA. Appetize operates a dedicated EU Cloud, and also adopts the European Commission’s approved Standard Contractual Clauses (“SCCs”), or other lawful alternative transfer mechanism as approved from time-to-time (e.g. the EU-US Data Privacy Framework).
We are happy to provide you with our security package, which includes our SOC 2 Type 2 report, ISO 27001 compliance certificate, CAIQ v4 security controls, and information regarding our latest third-party penetration test and vulnerability management. Some documents may require a signed NDA before they can be shared.