Security FAQ

Infrastructure Security

Where is Apidly hosted?

Apidly is hosted on Vercel's global edge network, with primary compute regions in the United States and Europe. Our database is hosted on Neon's serverless PostgreSQL platform.

Is data encrypted?

Yes. All data is encrypted:

  • In transit: TLS 1.3 for all connections. We enforce HTTPS everywhere with HSTS headers.
  • At rest: Our database provider (Neon) encrypts all data at rest using AES-256.
  • Backups: Database backups are encrypted using the same standards.

How is the infrastructure secured?

  • All services run in isolated environments with no shared tenancy
  • Network access is restricted to required ports and services only
  • Infrastructure configuration is managed as code and version-controlled
  • We use serverless architecture, eliminating the need to manage and patch servers directly

Access Controls

How is authentication handled?

Authentication is managed by Clerk, an enterprise-grade identity platform. Features include:

  • Multi-factor authentication (MFA) support
  • Session management with automatic expiration
  • Brute-force protection and rate limiting
  • OAuth and social login options

Who has access to customer data?

Access to production systems and customer data is strictly controlled:

  • Only essential team members have production access
  • All access is logged and auditable
  • We follow the principle of least privilege
  • Access reviews are conducted regularly

Incident Response

Do you have an incident response plan?

Yes. Our incident response plan includes:

  1. Detection — Automated monitoring and alerting for security events
  2. Assessment — Rapid triage to determine severity and scope
  3. Containment — Immediate steps to limit impact
  4. Resolution — Root cause analysis and remediation
  5. Notification — Affected customers are notified within 72 hours of confirmed breaches, in compliance with GDPR
  6. Review — Post-incident review and process improvement

How do I report a security vulnerability?

If you discover a security vulnerability, please report it responsibly:

  • Email: security@apidly.com
  • Please include a detailed description, steps to reproduce, and potential impact
  • We aim to acknowledge reports within 48 hours
  • We do not pursue legal action against good-faith security researchers

Data Protection

How long do you retain data?

Retention periods vary by data type:

  • Account data: Retained while your account is active, deleted within 30 days of account closure
  • Usage analytics: Retained for 26 months, then anonymised
  • Payment records: Retained for 7 years (legal requirement)
  • Generated content: Retained until you delete it or close your account

Can I export my data?

Yes. You can export your data at any time through your account settings. Data is provided in standard, machine-readable formats.

What happens when I delete my account?

When you request account deletion:

  1. Your account is immediately deactivated
  2. All personal data is queued for deletion
  3. Data is permanently deleted within 30 days
  4. Some data may be retained in encrypted backups for up to 90 days before being purged

Compliance

Is Apidly GDPR compliant?

Yes. We comply with the GDPR and UK GDPR. Key measures include:

  • Lawful basis for all data processing
  • Data processing agreements with all sub-processors
  • Data subject rights mechanisms (access, deletion, portability)
  • Privacy by Design principles in all development
  • Data Protection Impact Assessments for high-risk processing

Do you have a DPA?

Yes. A Data Processing Agreement is available for all customers. Contact us at privacy@apidly.com to request a copy.

Where can I find your sub-processor list?

Our current sub-processor list is available at Sub-Processors.

Backup and Recovery

How are backups handled?

  • Database backups are automated and continuous via Neon's point-in-time recovery
  • Backups are stored in geographically separate locations
  • Recovery can be performed to any point in time within the retention window
  • Backup restoration is tested regularly

What is your uptime target?

We target 99.9% uptime for our platform. Current and historical uptime data is available on our status page.

Contact

For security-related enquiries: