PLATFORM FEATURES

Security is always top-of-mind as we further build and improve the Apprentix platform. All Apprentix customers benefit from the security investments we have made.

Apprentix is built on Amazon Web Services, which is itself compliant with certifications such as SOC 2, CSA, ISO 27001, and more.

We use automated code testing, vulnerability testing (including OWASP Top 10), and continuous monitoring technologies.

Apprentix can access point-in-time data recovery for our own data at any time.

Apprentix comes with logs so that we can review what our app has done, even in the background.

Data both at rest and in transit is encrypted. We use AWS RDS’s AES-256 encryption to encrypt data at rest. See for yourself the encryption we use for data in transit.

SCALABILITY

FAQs

Is each customer's apprenticeship data kept private and not shared with any other organization?

Yes, none of your data is shared with any other organization so you can rest assured that your data is safe and secure.

Are there different permissions by user type?

Yes, each user has different permissions to read/write data. In general:

Do you have 2FA (two-factor authentication)?

Yes, we have a 2FA method that allows Admins to mandate 2FA for other Admins and/or non-Admins. Users can choose from two options: authentication app (recommended) or email code.

What programming language is your platform built on?

We are built on top of Bubble.io which is a visual programming platform that is built on JavaScript.

Where is your data hosted?

Our data is hosted by Bubble.io on US servers using Amazon Web Services (AWS).

What is your disaster recovery plan?

Please view our plan here.

What is Bubble's disaster recovery plan?

Bubble has a comprehensive business continuity and disaster recovery policy in place, which is reviewed and updated on an annual basis. The purpose of this business continuity plan is to prepare Bubble Group in the event of extended service outages caused by factors beyond our control (e.g., natural disasters, manmade events), and to restore services to the widest extent possible in a minimum time frame. They do not currently share their disaster recovery policy externally. Additionally, in cases where Bubble is compromised, please check out their Information Security Incident Response Policy. This Information Security Incident Response Policy identifies those steps that Bubble must consider taking in response to an actual or suspected compromise of information belonging to Bubble. You can find more information on Bubble's security policies here.

You can find more information on Bubble's security practices here.

Have you suffered a data loss or security breach in the last 3 years?

No (answer updated as of 1/30/24)

Is there a dedicated information security manager/function/team responsible for security initiatives?

Yes

Do you have an internal audit department that tests IT Controls on a periodic basis?

Yes

Will scope data be encrypted in transit?

Yes

Will scope data be encrypted at rest?

Yes

Do you have SOC audit documentation?

Bubble is SOC 2 compliant and has gone through a thorough external audit process by the independent auditor Sensiba LLP, and demonstrated effective controls in place to ensure security of the platform.

What is your uptime?

You can find a record of our uptime for each month here.

Is Personal Information kept secure?

Yes, our privacy policies keep personal information secure.

What is your password policy?