Grow with AppMaster Grow with AppMaster.
Become our partner arrow ico
Data security

We keep all your data private and safe

AppMaster provides an incredibly efficient development environment, but we know this cannot come at the cost of your company's security. We guarantee our platform will always be secure and never slow down your project.

Comprehensive logging

Comprehensive logging

We use the industry's leading log collection and management solutions. Logging in generated applications can be configured in great detail.

Application privacy

Application privacy

An app’s data is protected at the application level. Pre-built modules simplify security-related tasks such as encrypting data at rest.

Point-in-time recovery

Point-in-time recovery

You have the ability to access point-in-time data recovery. If you deploy a feature that impacts your data, you can recover your data from a previous time.

User data

User data

We utilize AWS rigorous data separation measures. We encrypt and separate user data, which limits all access and checks and enforces permissions for requests.

Secure Vault Storage

Secure Vault Storage

We use a special Secure Vault Storage to store and tightly control access to your secrets and keys to protect this data even at the higher levels.

Role-based access

Role-based access

Role-based access will only grant the right team members in your company access to make, change and deploy applications.

Comprehensive compliant environment

Our IDE lets you create projects that are safe and compliant. AppMaster is built with security-by-design and uses the world’s leading enterprise-grade security technologies.

Amazon Web Services

Amazon Web Services

AppMaster is running on Amazon Web Services, which complies with certifications such as SOC 2, CSA, ISO 27001, and more.

HTTPS encryption

HTTPS encryption

Every connection made to AppMaster is end-to-end encrypted over HTTPS with TLS v1.3. We force HTTPS for all services and infrastructure.

Secure payments

Secure payments

With Stripe we don't store PCI-DSS information ourselves. Stripe is certified to PCI Service Provider Level 1, the most stringent level.

Security & compliance

High availability and resilience

Our robust framework includes many features that help keep your data secure so you can focus on creating the best products possible.

Shared Responsibility Model

Shared Responsibility Model

We operate, manage, and control the components from the platform down to the infrastructure. You secure the applications and integrations you develop via user-defined privacy rules.

Attack Surface Minimization

Attack Surface Minimization

We use AWS RDS for databases, Route 53 for secure DNS zone management, VPC for service isolation, docker containers for service isolation within a single virtual server.

Access Control

Access Control

Access to all systems is role-based, with the principles of deny-by-default and least-privilege. No access to the user data is possible without explicit consent from the data owner.

Failover and Backup

Failover and Backup

Our system includes automatic backups. If one server goes down, another will take over immediately. We can reconstruct all AppMaster.io data in a new location in a matter of days.

owasp

OWASP & Regulatory Compliance

OWASP is a non-profit organization that keeps track of the most important security vulnerabilities. AppMaster follows their recommendations, so you can rest assured we have your back. Besides, AppMaster is actively pursuing the American Institute of CPAs industry-standard cybersecurity program, SOC-2.

security management

The best security management practices

We take maximum precautions, so your data remains safe. We've created clear processes to help our development teams build security into your product.

Change Management

Change Management

We use Bitbucket and CI in our development process. CI runs automated tests and pushes changes to the staging instance, allowing for monitoring and quality assurance.

Vulnerability Management

Vulnerability Management

We continually monitor our code to assess vulnerability and respond quickly when any vulnerability arises. All modules and dependent packages are updated on the regular basis.

Incident Management

Incident Management

We investigate and fix any security concerns that are reported. If we think you're affected, you'll get an update as soon as possible, much sooner than the legally mandated 72 hours.

Start building your apps right now

Without code! Without using a lot of applications! Join AppMaster Platform and build powerful server, mobile and web apps for your team with one tool.