Trust Center
Our commitment to security, privacy, and compliance. Certifications, data handling practices, and uptime guarantees.
Last updated: February 19, 2026
GDPR Compliant
Full UK and EU GDPR compliance
ICO Registered
Registered UK data controller
99.9% Uptime
High-availability infrastructure
Privacy by Design
Privacy built into every feature
1. Compliance Framework
GDPR Compliance
Apidly is fully compliant with the UK GDPR and EU GDPR. We have implemented comprehensive data protection measures including Data Protection Impact Assessments (DPIAs), Records of Processing Activities (ROPA), and a dedicated Data Protection Officer. We process data lawfully, transparently, and for specified purposes.
CCPA/CPRA Compliance
We comply with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). California residents can exercise their rights to know, delete, correct, and opt out of the sale of personal information.
ICO Registration
We are registered with the UK Information Commissioner's Office (ICO) as a data controller. Our registration details are publicly available on the ICO's register.
2. Data Handling
Data Minimisation
We collect and process only the minimum data necessary to provide our services. We regularly review our data collection practices and delete data that is no longer needed.
Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected. When you delete your account, we remove your personal data within 30 days. Some data may be retained longer for legal or regulatory requirements.
International Data Transfers
When personal data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner.
Sub-Processor Management
We maintain a public list of sub-processors who process personal data on our behalf. We conduct due diligence on all sub-processors and ensure they meet our data protection standards. See our Sub-Processors page for the full list.
3. Uptime & Reliability
Uptime Target
We target 99.9% uptime for our platform, measured on a monthly basis. This equates to less than 43 minutes of downtime per month, excluding scheduled maintenance windows.
Status Page
Real-time service status is available on our public status page. Subscribe to receive notifications about incidents and scheduled maintenance. Historical uptime data is publicly available.
Backup & Recovery
We perform continuous database backups with point-in-time recovery capability. Backups are encrypted and stored in geographically separate locations. Recovery time objective (RTO) is 4 hours; recovery point objective (RPO) is 1 hour.
4. Privacy by Design
Built-In Privacy
Privacy is integrated into our product development lifecycle from the outset, not bolted on as an afterthought. Every new feature undergoes privacy review before release.
Default Settings
Our default settings are configured for maximum privacy. Data sharing, analytics, and marketing communications are opt-in, not opt-out. We never sell personal data.
User Controls
You have full control over your data: export all your data at any time, delete individual items or your entire account, manage consent preferences, and control what information is shared.
5. Third-Party Security
Vendor Assessment
All third-party vendors and service providers undergo security assessment before onboarding. We evaluate their security practices, certifications, data handling procedures, and incident response capabilities.
Payment Processing
Payment processing is handled by PCI DSS Level 1 certified providers (Stripe and PayPal). We never store, process, or transmit credit card numbers on our servers. All payment data is handled directly by our payment processors.
Authentication Provider
User authentication is managed by Clerk, a SOC 2 Type II certified identity provider. Passwords are never stored on our servers. We support multi-factor authentication (MFA) for enhanced account security.
Our privacy and security teams are available to answer compliance questions and provide additional documentation.
Privacy: privacy@apidly.com
Security: security@apidly.com