Security Overview
Last updated: 20 September 2025
1. Our approach
We operate a security‑first engineering culture with risk‑based controls appropriate to client needs.
2. Technical measures
- Encryption in transit (TLS) and at rest for production systems.
- Secrets management and key rotation.
- Least‑privilege access, SSO/OAuth2 and role‑based access control.
- Infrastructure‑as‑code, automated builds and CI/CD with checks.
- Logging, monitoring, alerting and incident response runbooks.
3. Data protection
We design for UK GDPR alignment, conduct DPIAs where appropriate, and sign Data Processing Agreements with our subprocessors.
4. Testing & review
We conduct code reviews, dependency scanning and—where appropriate—independent penetration testing.
5. Responsible disclosure
To report a vulnerability, email security@appcode.co.uk. Please include steps to reproduce. We aim to acknowledge reports within 5 working days.