At APLY, data and security are important to us. We take the privacy and security of customer information very seriously, so we make every effort to ensure our security protocols and systems are up to date with industry standards.
Security and privacy are the core of our application infrastructure. Due to the technical nature of the software, it can be difficult to understand what that involves if you're not a developer or an IT professional yourself, so here is a bit more information that explains the measures our team takes to protect your information.
How we protect you and your customer data
For us, this meant developing an application that was "private by design", with the latest technology stack at the front end (Angular) and a robust, industry-proven technology for our API (Ruby on Rails). APLY is hosted in a secure environment that gives our developers full control over version deployment. For this reason, we chose to use Heroku as our development platform provider.
Technically, it offers us flexibility in our development process and, paired with Amazon Web Services (AWS) for our hosting, it offers the most secure application environment.
AWS deploys the following tools as security measures:
Network firewalls to prevent access from outside the application's internal network
Encryption across all services using TLS when data is transferred between services
Data encryption using AES-256 to make the application's files and database unreadable directly on disk
Identity and access management for restricting unwanted access to our resources
These are only a few of the security measures installed by AWS. However, we hope you’ve found this useful. If you are interested to learn more about the full range of features
At APLY, when we say "private by design" we mean that when the customer has been verified and the agency has downloaded their report, we clean EVERY piece of personal information, including images and videos, related to the person you've verified, 5 minutes after you download the report. We only retain the internal reference number, partners' product IDs and internal APLY ID for billing purposes and auditing. This process ensures that only a very limited amount of nominal data remains in our database at any time.
If, for any reason, you haven't downloaded the customer report or your customer hasn't completed the process, the maximum life-span of the customer's verification information is 7 days. Once this time has lapsed, any customer data is automatically cleaned, images and videos deleted, and the verification is archived as described earlier.
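The two retention rules above (5 minutes after download, 7 days at most), sketched in Ruby as an added example that is not APLY's own code. The record layout, the field names and the `sweep` helper are assumptions, and the sample records are constructed.

```ruby
# Added illustration of the retention rules above; not APLY's own code.
# The record layout and every field name here are assumptions.
DOWNLOAD_GRACE = 5 * 60            # 5 minutes after the report is downloaded
MAX_LIFESPAN   = 7 * 24 * 60 * 60  # 7 days from creation, downloaded or not
RETAINED_KEYS  = %i[internal_reference partner_product_ids aply_id].freeze

# Earliest moment at which the personal data must be cleaned.
def purge_due_at(record)
  deadlines = [record[:created_at] + MAX_LIFESPAN]
  deadlines << record[:downloaded_at] + DOWNLOAD_GRACE if record[:downloaded_at]
  deadlines.min
end

def purge_due?(record, now)
  !record[:archived] && now >= purge_due_at(record)
end

# Allow-list scrub: anything not named in RETAINED_KEYS is dropped, so a
# field added to the record later is removed by default.
def archive(record, now)
  record.slice(*RETAINED_KEYS).merge(archived: true, archived_at: now)
end

# Returns [records after the sweep, storage keys of assets to delete].
def sweep(records, now)
  doomed_assets = []
  swept = records.map do |record|
    next record unless purge_due?(record, now)
    doomed_assets.concat(Array(record[:asset_keys]))
    archive(record, now)
  end
  [swept, doomed_assets]
end

# Constructed sample records: one downloaded after an hour, one never downloaded.
T0 = Time.utc(2024, 1, 1, 12, 0, 0)
SAMPLE = [
  { aply_id: 1, internal_reference: "REF-1", partner_product_ids: ["P-9"],
    full_name: "Constructed Person", asset_keys: ["img/a", "vid/b"],
    created_at: T0, downloaded_at: T0 + 3600 },
  { aply_id: 2, internal_reference: "REF-2", partner_product_ids: [],
    full_name: "Another Person", asset_keys: ["img/c"],
    created_at: T0, downloaded_at: nil }
].freeze

swept, assets = sweep(SAMPLE, T0 + 3600 + DOWNLOAD_GRACE)
puts swept.inspect, assets.inspect
```

Because `purge_due_at` takes the earlier of the two deadlines, a report downloaded just before the 7-day limit is still cleaned at the 7-day mark rather than 5 minutes after the download.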
Every time you submit or request data, APLY verifies that this data is visible within your company, based on the token generated and the user's role (in other words, that someone isn't trying to access data they aren't allowed to read). Any malicious request would not only be denied access, but would also raise an alert on our side to be investigated immediately.
Our verification assets (videos and images) are also stored on AWS using 3 different randomly generated keys based on different algorithms, making it impossible for anyone outside the application to know these assets' URLs.
We believe in privacy by design: from the ground up, we have developed APLY to be a secure place for your customers' information. If you have any further questions on our infrastructure, please do not hesitate to contact our privacy officer at firstname.lastname@example.org
Encryption: data concealed by converting it into a code
Angular: a structural framework developed by Google for creating dynamic web apps
Ruby on Rails: our server-side framework used to create APLY's API
HTTPS: Hyper Text Transfer Protocol Secure is a secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. It means all communications between your browser and the website are encrypted.
JWT: JSON Web Token is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.
Heroku: a cloud-based development platform
SSL: Secure Sockets Layer is the standard security technology for establishing an encrypted link between a web server and a browser.
AWS: Amazon Web Services is a secure cloud services platform
AES: Advanced Encryption Standard
TLS: Transport Layer Security is a cryptographic protocol designed to provide communications security over a computer network