Security & Compliance

At Apiphany, we implement a multi-layered security framework tailored to our AI-driven SaaS solutions. By leveraging a shared responsibility model, we delineate the controls inherited from our cloud service providers (CSPs) and the safeguards we provide to protect our customers’ data and systems.

Apiphany adheres to industry-leading standards to ensure robust data protection and operational excellence. We maintain compliance with SOC 2, and encryption standards like AES-256 for data at rest.

GDPR
Apiphany complies with the General Data Protection Regulation (GDPR), ensuring our products, workflows, and policies meet the obligations of a data processor. For further details, refer to our GDPR compliance resources.

CCPA
Although Apiphany does not primarily process or store personal data, we support customers in fulfilling California Consumer Privacy Act (CCPA) requirements by providing a CCPA Addendum where necessary. This ensures compliance when personal data falls within the scope of services.

Access to Apiphany systems and sensitive information is strictly controlled:

  • Need-to-Know Basis: Access is granted only as required by role responsibilities.
  • Least Privilege Principle: Employees are given the minimum access necessary to perform their job functions.
  • Multi-Factor Authentication (MFA): All accounts use MFA, combining strong passwords with an additional verification step.
  • Vendor Access: Third-party vendors do not have direct access to production environments.

Administrative roles are subject to additional layers of security. Access to production environments is logged, monitored, and regularly audited to maintain compliance and detect anomalies.

Protecting customer data is a top priority at Apiphany. All data submitted to our platform is treated as highly confidential and safeguarded through:

  • Encryption: Data is encrypted in transit and at rest using AES-256 and TLS. If encrypted communication is interrupted, the platform is rendered inaccessible to maintain security.
  • Access Controls: Administrative credentials are protected with full-disk encryption, unique credentials for each workstation, and routine validation of access mechanisms.
  • Sensitive Data Tools: Customers have access to tools for detecting and sanitizing sensitive data, such as personally identifiable information (PII), before it enters the platform.

Apiphany ensures that customer data remains within production environments unless explicitly required to support customer requests

Apiphany’s platform is built for reliability and scalability, leveraging the infrastructure of trusted CSP partners. Key measures include:

  • Virtual Private Clouds (VPCs): Internal systems are isolated within VPCs, with network access managed through predefined security group rules.

Apiphany employs advanced monitoring systems to oversee its infrastructure for potential security threats:

  • Activity Logging: Events such as API interactions and system calls are centralized and evaluated using custom rule sets designed to identify unauthorized or malicious behavior.
  • Automated Responses:  Detected anomalies trigger automated actions, such as security team alerts or additional user authentication.
  • Proactive Threat Management: These measures ensure swift detection and resolution of security incidents.

To deliver high-quality services, Apiphany partners with third-party vendors while maintaining rigorous oversight. Our Vendor Management Program includes:

  • Comprehensive Evaluations: Each engagement is assessed for technical, administrative, and physical security controls.
  • Automated Responses:  Detected anomalies trigger automated actions, such as security team alerts or additional user authentication.
  • Alignment with Standards: Vendors must meet Apiphany’s security and privacy standards, ensuring their practices align with the expectations of our company and customers.

This program safeguards our operations and protects sensitive customer information.

Resources
Terms & ConditionsPrivacy PolicySecurityTechnical DocumentationGuides & Onboarding