AppMaster provides an incredibly efficient development environment, but we know this cannot come at the cost of your company's security. We guarantee our platform will always be secure and never slow down your project.
We use the industry's leading log collection and management solutions. Logging in generated applications can be configured in great detail.
An app’s data is protected at the application level. Pre-built modules simplify security-related tasks such as encrypting data at rest.
You have the ability to access point-in-time data recovery. If you deploy a feature that impacts your data, you can recover your data from a previous time.
We utilize AWS rigorous data separation measures. We encrypt and separate user data, which limits all access and checks and enforces permissions for requests.
We use a special Secure Vault Storage to store and tightly control access to your secrets and keys to protect this data even at the higher levels.
Role-based access will only grant the right team members in your company access to make, change and deploy applications.
Our IDE lets you create projects that are safe and compliant. AppMaster is built with security-by-design and uses the world’s leading enterprise-grade security technologies.
AppMaster is running on Amazon Web Services, which complies with certifications such as SOC 2, CSA, ISO 27001, and more.
Every connection made to AppMaster is end-to-end encrypted over HTTPS with TLS v1.3. We force HTTPS for all services and infrastructure.
With Stripe we don't store PCI-DSS information ourselves. Stripe is certified to PCI Service Provider Level 1, the most stringent level.
Our robust framework includes many features that help keep your data secure so you can focus on creating the best products possible.
We operate, manage, and control the components from the platform down to the infrastructure. You secure the applications and integrations you develop via user-defined privacy rules.
We use AWS RDS for databases, Route 53 for secure DNS zone management, VPC for service isolation, docker containers for service isolation within a single virtual server.
Access to all systems is role-based, with the principles of deny-by-default and least-privilege. No access to the user data is possible without explicit consent from the data owner.
Our system includes automatic backups. If one server goes down, another will take over immediately. We can reconstruct all AppMaster.io data in a new location in a matter of days.
OWASP is a non-profit organization that keeps track of the most important security vulnerabilities. AppMaster follows their recommendations, so you can rest assured we have your back. Besides, AppMaster is actively pursuing the American Institute of CPAs industry-standard cybersecurity program, SOC-2.
We take maximum precautions, so your data remains safe. We've created clear processes to help our development teams build security into your product.
We use Bitbucket and CI in our development process. CI runs automated tests and pushes changes to the staging instance, allowing for monitoring and quality assurance.
We continually monitor our code to assess vulnerability and respond quickly when any vulnerability arises. All modules and dependent packages are updated on the regular basis.
We investigate and fix any security concerns that are reported. If we think you're affected, you'll get an update as soon as possible, much sooner than the legally mandated 72 hours.