All Collections
Apprentix Security Policies
Apprentix Security Policies
Updated over a week ago

Companies of all sizes trust Apprentix to power their apprenticeships.

With the security features, scalability, and extensibility you need.


Protecting your apprenticeships and data with industry best practices.

Security is always top-of-mind as we further build and improve the Apprentix platform. All Apprentix customers benefit from the security investments we have made.

Amazon Web Services

Apprentix is built on Amazon Web Services, which is itself compliant with certifications such as SOC 2, CSA, ISO 27001, and more.

Vulnerability testing

We use automated code testing, vulnerability testing (including OWASP Top 10), and continuous monitoring technologies.

Point-in-time recovery

Apprentix can access point-in-time data recovery for our own data at any time.

Extensive logs

Apprentix comes with logs so that we can review what our app has done, even in the background.

Data encryption

Data both at rest and in transit is encrypted. We use AWS RDS’s AES-256 encryption to encrypt data at rest. See for yourself the encryption we use for data in transit.


Growing with your apprenticeships in terms of users and complexity.

Apprentix runs production-grade apprenticeships and can scale as your apprenticeships grow in users and complexity.


Is each customer's apprenticeship data kept private and not shared with any other organization?

Yes, none of your data is shared with any other organization so you can rest assured that your data is safe and secure.

Are there different permissions by user type?

Yes, each user has different permissions to read/write data. In general:

  • Primary Admins are granted read/write access to all information relevant to their apprenticeships.

  • Client Admins (on the Partner Plan only) are granted read/write access to all information relevant to their apprenticeships.

  • Program Sponsors are granted read/write access to all information relevant to their apprenticeships..

  • Managers are granted read/write access to enter and approve time and competencies, run performance reports, and assess their apprentices.

  • Mentors are granted read/write access to view performance and provide feedback to their apprentices but do not have permission to enter or approve time and competencies.

  • Apprentices are granted read/write access to view their performance and enter time, request evaluations, and view their assessment results when shared with them.

Do you have 2FA (two-factor authentication)?

Yes, we have a 2FA method that allows Admins to mandate 2FA for other Admins and/or non-Admins. Users can choose from two options: authentication app (recommended) or email code.

What programming language is your platform built on?

We are built on top of which is a visual programming platform that is built on JavaScript.

Where is your data hosted?

Our data is hosted by on US servers using Amazon Web Services (AWS).

What is your disaster recovery plan?

Please view our plan here.

What is Bubble's disaster recovery plan?

Bubble has a comprehensive business continuity and disaster recovery policy in place, which is reviewed and updated on an annual basis. The purpose of this business continuity plan is to prepare Bubble Group in the event of extended service outages caused by factors beyond our control (e.g., natural disasters, manmade events), and to restore services to the widest extent possible in a minimum time frame. They do not currently share their disaster recovery policy externally. Additionally, in cases where Bubble is compromised, please check out their Information Security Incident Response Policy. This Information Security Incident Response Policy identifies those steps that Bubble must consider taking in response to an actual or suspected compromise of information belonging to Bubble. You can find more information on Bubble's security policies here.

You can find more information on Bubble's security practices here.

Have you suffered a data loss or security breach in the last 3 years?

No (answer updated as of 1/30/24)

Is there a dedicated information security manager/function/team responsible for security initiatives?


Do you have an internal audit department that tests IT Controls on a periodic basis?


Will scope data be encrypted in transit?


Will scope data be encrypted at rest?


Do you have SOC audit documentation?

Bubble is SOC 2 compliant and has gone through a thorough external audit process by the independent auditor Sensiba LLP, and demonstrated effective controls in place to ensure security of the platform.

What is your uptime?

You can find a record of our uptime for each month here.

Is Personal Information kept secure?

Yes, our privacy policies keep personal information secure.

What is your password policy?

  1. Password minimum length: 8

  2. Required numbers: 1

  3. Required special characters: 1

  4. Required uppercase letters: 1

Did this answer your question?