Security

Encryption and Data in Transit

All data transmitted between you and Applyology is encrypted over HTTPS using TLS. Our databases are encrypted at rest, ensuring your information is protected whether it is being sent or stored. We enforce strict transport security headers and use modern cipher suites across all of our services.

Authentication and Access Control

Passwords are never stored in plain text. We use industry-standard bcrypt hashing for all passwords, and credentials are filtered from application logs. We limit brute force attacks with rate limiting and support secure OAuth-based authentication flows with unrecoverable SHA-256 hashed keys and responsible key expiration and rotation timelines.

Secure Development Practices

Security starts with how we write code. All code changes go through peer review, automated testing, and quality checks before reaching production. We follow secure coding guidelines to guard against common vulnerabilities including injection attacks, cross-site scripting, and unauthorized access. Our development process prioritizes getting things right with security as our top priority.

Data Durability and Recovery

We use a multilayered backup strategy designed to be resilient to hardware failure, regional outages, and other unexpected events. Both point-in-time backups and regular snapshots are maintained, allowing us to recover your data reliably when needed.

Infrastructure and Physical Security

Applyology runs entirely on Amazon Web Services (AWS) in exclusively US-based data centers, which provide industry-leading physical security, redundancy, and availability. You can learn more about AWS data center security at AWS Data Center Controls.

Our infrastructure follows the AWS Well-Architected Framework for designing and operating reliable, secure, efficient, and sustainable systems in the cloud.

Questions or Concerns

If you have questions about our security practices or want to report a security issue, please contact us at security@applyology.com.