Trust Appspace

Our team is focused on ensuring that Appspace is the secure, fast, compliant, and reliable platform you expect.



Recognized practices for infrastructure, controls, and tech.



Continuous cycle of testing and improvement management.



Experts focused on performance, operations, and security.



Infrastructure & controls designed to grow well beyond your needs.


Optimized Data Storage & Encryption

The Appspace platform is designed and optimized to run on separate regional hardware on which the data is stored. Hardware failures are recovered automatically and data stored on redundant storage is backed up at least every four hours (but often it's more frequent). All data is encrypted when in transit and at rest


Secure Facilities Access

Access to data centers is highly restricted and limited to authorized personnel only, who are verified using biometric identity technology. Physical security measures include on-premises security guards, closed-circuit video monitoring, and a host of other intrusion protection measures. Within the data center, all Appspace equipment is stored in secure hardware racks designed to be earthquake-proof.

Data centers are located in geographically diverse locations across the United States, the European Union, and Asia Pacific.


Tight Restrictions on Account Access

The Appspace support team access hosted accounts and data for purposes of maintenance and troubleshooting, and only upon customer request. Only authorized Appspace employees have access to customer data. Authentication is via unique passphrase-protected public keys, rather than passwords, and servers only accept incoming connections from Appspace and internal data center locations.

All access to customer accounts or data is automatically recorded for review by our security team. The Appspace platform is designed to allow data to be accessible only with the appropriate credentials. Customers are responsible for maintaining the security of their login information.


We Expect Big Things From Our Partners

We hold our service providers to very high standards. Data centers, co-location, and managed service providers undergo regular SOC1, SOC2 and/or ISO 27001 audits to verify their practices.


Peace of Mind From Industry Compliance

We adhere to widely accepted standards and regulations for testing our operations, environment, and controls - as you would expect. 


Comprehensive External & Internal Software Security Testing

Our security team perform regular automated and manual software security testing. This is in addition to network vulnerability testing to identify and resolve potential security vulnerabilities and bugs.


We Are All About Being Better

Continuous development is a key part of any information security management process. Appspace solicits feedback from several internal teams, customers, as well as internal and external auditors to improve our security, privacy and compliance processes and controls over time.



We get asked a lot of questions, we've gathered them together to make it easier for you to find the answers you need. This page is regularly updated, so be sure to check back for new answers.


Does Appspace adhere to Information security standards?

ISO27001 - The Appspace Security Team has modeled our internal security policies on the ISO27001 Certification. Certain aspects of the certification do not apply to our customer’s needs, but we are working on expanding the scope of the certification of our product and cloud services portfolio.

Will Appspace share information on its internal controls?

We have put a lot of work into implementing controls that help us meet our customer’s needs and can adjust quickly to the realities and challenges of delivering a SaaS platform. We include the controls found in external regulatory requirements and industry standards.

Who has access to user data?

For Appspace cloud users, we've outlined our approach in our Cloud Security Statement and our Privacy Policy.

Is user data encrypted?

Appspace uses TLS to protect information while in transit across the Internet. We have implemented TLS1.1 and higher to support 256bit and higher encryption, further supporting data protection.

How are backups managed?

All database and content backups for the Appspace platform occur at least every four hours, and backups are retained for no less than three months. All backup data is encrypted.

Is TLS always used?

Yes, Appspace cloud-based systems only use TLS, for communication. In addition, and in line with Industry standards, we have removed support for SSL 3.

How are user passwords stored?

Passwords are stored in a one-way hash within the Appspace platform.

Does Appspace audit its cloud security?

We have an extensive security process that includes ongoing testing of our hosted systems.  We also undertake third party independent assessments of our platform.

Can we see the testing reports?

We are working on determining the best way to share reports and be open about our internal testing results in a way that is secure and makes sense for our customers and us.

Can we undertake our own security testing?

In line with our End User Agreement, we currently do not allow customer-initiated testing for our hosted service. We are committed to being open and will endeavor to share such information when we’ve determined the best course for doing so.

Can you complete my Security Questionnaire?

We are committed to being open and transparent and sharing as much information as we can to enable you to make your decision to use our platform. Unfortunately we are not able to answer each individual questionnaire.

What is Appspace's data privacy policy?

Please check out our latest Privacy Policy.

What responsibilities does Appspace maintain during a security incident? 

We aim to ensure Appspace users don't experience an outage or a security incident. However, an Incident Response Plan outlines the roles and responsibilities for Appspace and its users during such an event. Each plan is tailored to a specific incident type and is issued to account owners should a security incident should occur.