Security at Appice
Appice is deployed at over 10 Tier-1 banks, healthcare networks, and government agencies. The security posture below is what made that possible — and what we audit ourselves against every quarter.
Encryption
In transit
All data in motion is encrypted with TLS 1.2 or higher. TLS 1.0 and 1.1 are disabled at the load balancer. Cipher suites follow the Mozilla "intermediate" profile. HSTS is enforced with a 1-year max-age and preload.
At rest
All persistent storage — application databases, object storage, backups, log archives — is encrypted with AES-256. Keys are managed by the cloud provider's KMS (AWS KMS in India and EU regions; Azure Key Vault in GCC) with annual rotation and per-environment separation.
Application-layer
HashID — Appice's anonymous identifier for cross-property reach — is hashed with SHA-256 + per-tenant salt before persistence. Raw email and phone numbers are never stored unencrypted.
Network controls
- Private subnets. Application servers, databases, and message queues run in private VPC subnets with no public ingress. Only the load balancer is internet-facing.
- Web application firewall. AWS WAF / Cloudflare WAF in front of all customer-facing endpoints, with managed rule sets for OWASP Top 10 and rate-limiting.
- DDoS protection. Always-on volumetric protection at the edge.
- Egress filtering. Outbound traffic from production is restricted to known sub-processor endpoints.
- VPN-only admin access. Operations engineers connect via WireGuard; production SSH requires a hardware key (YubiKey) and time-bounded session approval.
Identity and access management
Customer-facing
- SSO via SAML 2.0 and OIDC (Okta, Azure AD, Google Workspace, Ping). Available on Enterprise plans.
- MFA enforced for password-based logins on all plans. TOTP and WebAuthn supported.
- Role-based access control with five built-in roles (Admin, Marketer, Analyst, Developer, Viewer) and a custom-role builder for granular policies.
- Audit logs capture every authentication event, configuration change, and data export. Available via API and exportable to SIEM.
Internal
- Least-privilege access — Appice engineers do not have standing production access. Just-in-time elevation requires manager approval and is logged.
- All employee accounts are SSO-backed with hardware-key MFA. Personal devices cannot access production.
- Quarterly access reviews; annual deprovisioning audit.
Secure development lifecycle
- Code review. All changes require peer review and pass automated checks (linting, unit tests, dependency scanning) before merge.
- Dependency scanning. Snyk and GitHub Dependabot run on every commit; high/critical CVEs block merge.
- Static analysis (SAST). Semgrep with OWASP rules runs on every PR.
- Dynamic analysis (DAST). OWASP ZAP scans the staging environment weekly.
- Container scanning. All images scanned at build time; production blocks images with critical CVEs.
- Secrets management. No secrets in code. AWS Secrets Manager / HashiCorp Vault for runtime injection. Pre-commit hooks (gitleaks) prevent accidental commits.
Vulnerability management
| Severity | Patch SLA | Source |
|---|---|---|
| Critical | 24 hours | CVE feed, dependency scan, pen-test, bug bounty |
| High | 7 days | Same |
| Medium | 30 days | Same |
| Low | Next quarterly cycle | Same |
External penetration testing is performed annually by an independent CREST-certified firm. A summary report is available under NDA. The bug bounty program runs continuously — see security@appice.ai.
Incident response
24/7 on-call rotation across infra, application, and security teams. Incidents are classified P0 through P4 with documented response targets:
| Severity | Acknowledgement | Customer notification |
|---|---|---|
| P0 — Confirmed breach affecting customer data | 15 min | Within 4 hours; regulator notification per jurisdiction (GDPR: 72 hours) |
| P1 — Critical service outage | 15 min | Status page within 30 min; updates every hour |
| P2 — Degraded service | 30 min | Status page within 1 hour |
| P3 — Limited impact | 4 hours | Status page if customer-visible |
Post-incident reviews are written for every P0/P1 and shared with affected customers. Lessons feed back into the security control set and runbooks.
Reporting a vulnerability? Email security@appice.ai. Encrypt sensitive details with our PGP key (fingerprint published on this page on request). We acknowledge within 24 hours.