Security & Trust
Last Updated: May 1st, 2026
Document Version: 1.0
Document Classification: Public
At Apollo Deploy, security is not an add-on. It is foundational to how we design, build, and operate the platform.
Apollo Deploy exists to support high-impact release decisions. That responsibility demands a security posture built around confidentiality, integrity, availability, and controlled access.
This document describes Apollo Deploy's security practices, commitments, and limitations. It forms part of the contractual relationship between Apollo Deploy and its customers, alongside the Terms of Service, Privacy Policy, and Data Processing Agreement (DPA). In the event of conflict between this document and the Terms of Service, the Terms of Service shall prevail.
Definitions
For the purposes of this document:
- "Customer" means any entity or individual that has entered into an agreement with Apollo Deploy to use the platform.
- "Customer Data" means any data, content, or information submitted, uploaded, or generated by a Customer or its authorized users through the platform.
- "Platform" means the Apollo Deploy software-as-a-service application, including all associated infrastructure, APIs, and interfaces.
- "Personnel" means employees, contractors, and authorized agents of Apollo Deploy who may access systems or data in the course of providing the service.
- "Security Incident" means any confirmed unauthorized access to, disclosure of, or loss of Customer Data, or any breach of the security controls described in this document that materially affects Customer Data.
- "Subprocessor" means any third-party entity engaged by Apollo Deploy that processes Customer Data on Apollo Deploy's behalf.
- "Personal Data" has the meaning ascribed to it under applicable data protection law, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the UK Data Protection Act 2018, Brazil's Lei Geral de Proteção de Dados (LGPD), Australia's Privacy Act 1988, Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and equivalent legislation in other jurisdictions.
Our Security Principles
Apollo Deploy is built on the following core principles:
Least Privilege by Default
Access to data and functionality is restricted to what is strictly necessary for the purpose being served. This is enforced through role-based access controls, scoped permissions, time-bound access grants, and regular access reviews. No Personnel shall retain access beyond what is required for their current role and responsibilities.
Defense in Depth
Security controls are layered across infrastructure, application, and operational processes to reduce blast radius and eliminate single points of failure. No single control is relied upon in isolation.
Zero Trust Architecture
All access requests are verified regardless of source location. Network location alone does not confer trust. Authentication and authorization are enforced at every layer.
Transparency Over Claims
We document what we do, avoid overstating guarantees, and prioritize verifiable controls over marketing language. Where controls are planned but not yet implemented, this is clearly stated.
Secure by Design
Security considerations are integrated from the earliest stages of system design and development, not applied retroactively.
Data Protection
Data Ownership
Customers retain full ownership and all intellectual property rights in their data at all times. Nothing in this document or in Apollo Deploy's Terms of Service shall be construed as transferring ownership of Customer Data to Apollo Deploy.
Apollo Deploy processes Customer Data solely to provide, maintain, and improve the platform, and solely in accordance with our Privacy Policy, Data Processing Agreement, and contractual obligations. Apollo Deploy shall not sell, license, sublicense, or otherwise commercially exploit Customer Data for any purpose unrelated to service delivery.
Upon termination of a Customer's account, Apollo Deploy shall delete or return Customer Data in accordance with the timelines and procedures specified in the Terms of Service and DPA. Customers may request data export at any time during the term of their agreement.
Data Classification
Apollo Deploy classifies data into the following categories to ensure appropriate handling:
| Classification | Description | Examples |
|---|---|---|
| Confidential | Customer Data requiring the highest level of protection | Source code references, deployment configurations, API keys, secrets |
| Internal | Operational data not intended for public disclosure | System logs, internal metrics, Personnel access records |
| Public | Information explicitly made available to the public | Published documentation, marketing materials |
Controls are applied commensurate with data classification level.
Data Isolation
- Organizational data is logically isolated per Customer using enforced tenant boundaries at the application, database, and infrastructure layers
- Access is scoped by organization, team, and role, with enforcement at the API layer
- Cross-tenant access is explicitly prevented through technical controls, tested regularly through automated testing and periodic security assessments
- Isolation controls are validated through automated testing as part of continuous integration processes
- Any failure of tenant isolation controls is treated as a Security Incident
Encryption
- Data in transit is protected using TLS 1.2 or higher. TLS 1.0 and 1.1 are not supported. Certificate validity and configuration are monitored continuously.
- Data at rest is encrypted using AES-256 or equivalent encryption mechanisms provided by our infrastructure providers, with keys managed through dedicated key management services.
- Encryption key management follows industry best practices, including key rotation, separation of duties, and restricted access to key material. Customers do not have direct access to encryption keys; however, encryption protects Customer Data from unauthorized access including by infrastructure provider Personnel.
- Secrets and credentials stored within the platform (such as API keys and tokens) are encrypted at rest using application-layer encryption separate from database-level encryption.
Data Residency
Customer Data is stored and processed in the regions specified in the Customer's agreement or as selected during account configuration. Apollo Deploy shall not transfer Customer Data to a region outside the agreed-upon jurisdictions without prior written consent, except as required to provide the service and disclosed in the DPA.
Where data transfers occur across jurisdictional boundaries, Apollo Deploy ensures appropriate safeguards are in place consistent with applicable data protection law, including but not limited to:
- EU/EEA: Standard Contractual Clauses (SCCs) as approved by the European Commission, supplemented by transfer impact assessments where required
- United Kingdom: International Data Transfer Agreement (IDTA) or UK Addendum to SCCs as approved by the UK Information Commissioner's Office
- Other jurisdictions: Equivalent transfer mechanisms as required by applicable local data protection law
Data Retention and Deletion
- Customer Data is retained for the duration of the Customer's active agreement plus the post-termination period specified in the Terms of Service
- Upon expiry of the retention period, Customer Data is permanently deleted using methods designed to prevent recovery
- Backup copies are subject to the same retention schedule and are deleted within [30] days of the primary data deletion
- Customers may request early deletion of specific data, subject to legal and contractual retention requirements
- Deletion confirmations are available upon request
Access Control & Authentication
Role-Based Access Control
- Role-based access control (RBAC) governs all user permissions within the platform
- Permissions are assigned to roles, and roles are assigned to users; direct permission grants are not used
- Customers control role assignments within their organizations
- Sensitive operations (including but not limited to deployment approvals, configuration changes, and team management) require elevated permissions
- Role definitions and their associated permissions are documented and available to Customers
Authentication
- Multi-factor authentication (MFA) is available for all accounts and is required for administrative access
- Password requirements enforce minimum length, complexity, and breach-database checking
- Session tokens are time-limited and revocable
- OAuth integrations use scoped tokens with minimum necessary permissions
- Failed authentication attempts are rate-limited and monitored
Access Logging and Auditability
- All access changes are logged with timestamp, actor, and action performed
- Critical actions (including data access, configuration changes, and permission modifications) generate immutable audit log entries
- Audit logs are retained for a minimum of [12] months
- Customers have access to audit logs for activity within their organization
- Audit logs are protected from tampering and unauthorized access
Credential Compromise
We design the platform assuming credentials may eventually be compromised. Controls to limit the impact of any single compromised account include:
- Automatic session invalidation on permission changes
- Anomalous access pattern detection and alerting
- Ability to revoke all active sessions for any account
- Scoped permissions ensuring no single account has unrestricted access to all Customer Data
Infrastructure Security
Apollo Deploy runs on modern cloud infrastructure designed for reliability, availability, and security.
Infrastructure Controls
- Hardened runtime environments with minimized attack surfaces and immutable deployment artifacts
- Network segmentation with strict ingress and egress rules between service tiers
- Web application firewalls (WAF) and distributed denial-of-service (DDoS) mitigation
- Access controls enforced at multiple network layers
- Continuous infrastructure vulnerability scanning and patching within defined SLAs:
  - Critical vulnerabilities: patched or mitigated within [24] hours of identification
  - High-severity vulnerabilities: patched within [72] hours
  - Medium-severity vulnerabilities: patched within [30] days
- Container and host-level security monitoring
Credential Management
- Long-lived credentials are avoided wherever technically feasible
- Infrastructure access uses scoped, time-bound, revocable credentials
- Secrets are managed through dedicated secrets management infrastructure
- Credentials are rotated on a defined schedule and immediately upon suspected compromise
Availability and Resilience
- Infrastructure is designed with redundancy to avoid single points of failure
- Regular failover testing validates resilience mechanisms
- Current platform availability targets are published separately in the Service Level Agreement (SLA)
- Recovery Point Objective (RPO) and Recovery Time Objective (RTO) are defined in the SLA
Application Security
Secure Development Lifecycle
- All code changes require peer review and approval before merging
- Separation of environments (development, staging, production) with no Customer Data in non-production environments
- Static application security testing (SAST) is performed on all code changes
- Dynamic application security testing (DAST) is performed on a regular schedule
- Dependency scanning for known vulnerabilities with automated alerting
- Software composition analysis to identify supply chain risks
- Security threat modeling for new features and architectural changes
- Developers receive security training on an annual basis, at minimum
Vulnerability Management
- Apollo Deploy maintains a vulnerability management program with defined severity levels, response timelines, and escalation procedures
- Vulnerabilities are triaged based on exploitability, impact, and exposure
- Customers are notified of vulnerabilities affecting their data in accordance with the Incident Response procedures below
Logging & Monitoring
- Security-relevant events are logged with sufficient detail for forensic investigation
- Anomalous behavior is monitored through automated alerting systems and investigated according to severity
- Logs are protected from unauthorized access and tampering through access controls and integrity verification
- Log retention periods meet or exceed regulatory requirements and are no less than [12] months
- Monitoring covers application, infrastructure, and authentication layers
Integrations & Third-Party Access
Apollo Deploy integrates with external tools at the Customer's request and under the Customer's control.
Integration Controls
- All integrations are permission-scoped to the minimum access required for stated functionality
- Read-only access is used by default unless write access is explicitly required and authorized by the Customer
- Customers control which integrations are enabled, what data is shared, and may revoke integrations at any time
- Integration tokens are scoped, time-limited where supported by the third-party platform, and revocable
- Apollo Deploy does not access third-party systems without explicit Customer authorization
Subprocessors
- A current list of Subprocessors is maintained and made available to Customers
- Customers are notified of new Subprocessor additions with [30] days' advance notice, unless a shorter timeframe is required for security or operational reasons
- Subprocessors are subject to security and data protection obligations no less protective than those in this document
- Apollo Deploy conducts due diligence on Subprocessors prior to engagement and on a recurring basis
- Customers have the right to object to new Subprocessors in accordance with the DPA
Personnel Security
- All Personnel with access to Customer Data or production systems undergo background checks to the extent permitted by applicable law
- Personnel are bound by confidentiality obligations
- Access is granted based on role requirements and revoked immediately upon role change or departure
- Security awareness training is required for all Personnel upon hiring and annually thereafter
- Adherence to security policies is a condition of continued engagement
Operational Security
- Access to production systems is restricted to authorized Personnel, requires MFA, and is fully auditable
- All changes to production environments follow controlled workflows including review, approval, and rollback capability
- Administrative access is time-bound and purpose-specific; standing privileges are minimized
- Backups are performed on a defined schedule, encrypted, and tested for recoverability at least quarterly
- Business continuity and disaster recovery plans are documented and tested at least annually
Incident Response
Apollo Deploy maintains a documented incident response plan designed to:
- Detect security incidents promptly through monitoring, alerting, and reporting channels
- Contain incidents to prevent further unauthorized access or data loss
- Eradicate the root cause and restore affected systems to a known-good state
- Recover normal operations with verified integrity
- Communicate with affected Customers in a timely and transparent manner
- Remediate by identifying lessons learned and implementing preventive measures
Notification Commitments
- Affected Customers will be notified of confirmed Security Incidents involving their data without undue delay and in no event later than [72] hours after confirmation, or sooner where required by applicable law
- Notifications will include: nature of the incident, data potentially affected, containment measures taken, recommended Customer actions, and contact information for further inquiries
- Apollo Deploy will cooperate with Customers' own incident response processes and regulatory obligations to the extent reasonably practicable
- A post-incident report will be provided to affected Customers within [30] days of incident resolution
- Where a Security Incident triggers notification obligations under applicable data protection law (including but not limited to GDPR Article 33, CCPA §1798.150, or equivalent provisions), Apollo Deploy will provide reasonable assistance to enable the Customer to fulfill its own regulatory notification obligations
Limitations
While no system is immune to risk, Apollo Deploy prioritizes preparedness, rapid response, and transparency. The existence of this incident response process does not constitute a guarantee that Security Incidents will not occur.
Compliance & Security Assurance
Framework Alignment
Apollo Deploy's security controls are designed in alignment with industry-recognized frameworks and standards, including:
- SOC 2 Trust Service Criteria — controls are implemented consistent with the principles of security, availability, and confidentiality
- ISO/IEC 27001 — information security management practices are informed by this standard
- OWASP — application security practices follow OWASP guidelines and top-ten mitigation strategies
- NIST Cybersecurity Framework — risk management and control selection are informed by NIST CSF guidelines
Important: Alignment with a framework does not constitute certification. Apollo Deploy does not currently hold SOC 2 or ISO 27001 certifications. We implement controls consistent with these frameworks and are actively planning toward formal certification in 2027. This document will be updated to reflect any certifications upon formal attainment.
Regulatory Compliance
Apollo Deploy is committed to compliance with data protection and privacy laws in all jurisdictions where it operates and where its Customers are located. Current compliance includes but is not limited to:
| Regulation / Framework | Jurisdiction | Status | Notes |
|---|---|---|---|
| GDPR | EU / EEA | Active | DPA available upon request |
| UK GDPR / Data Protection Act 2018 | United Kingdom | Active | UK Addendum / IDTA available |
| CCPA / CPRA | California, USA | Active | Privacy Policy details consumer rights |
| LGPD | Brazil | Active | Appropriate transfer mechanisms in place |
| PIPEDA | Canada | Active | Privacy practices aligned |
| Privacy Act 1988 | Australia | Active | APPs compliance maintained |
Where Apollo Deploy operates in or serves Customers in jurisdictions not listed above, it will comply with applicable local data protection and privacy laws to the extent they apply to the services provided.
Independent Security Assessments
- Apollo Deploy engages independent security professionals to conduct penetration testing on at least an annual basis
- Summary findings from assessments are available to Customers under NDA upon request
- Identified vulnerabilities are remediated in accordance with the timelines defined in the Vulnerability Management section
Enterprise Security Reviews
Apollo Deploy participates in enterprise security reviews, vendor risk assessments, and due diligence processes. Customers may request:
- Completion of security questionnaires (e.g., SIG, CAIQ, VSAQ)
- Evidence of controls described in this document
- Summary findings from penetration tests (available under NDA)
- Data Processing Agreements and Standard Contractual Clauses
- Transfer Impact Assessments where applicable
Certification Roadmap
Apollo Deploy maintains a roadmap toward formal certifications. Current planned milestones:
| Certification | Target Timeline | Status |
|---|---|---|
| SOC 2 Type II | 2027 | Planned — controls in active preparation |
| ISO 27001 | 2027 | Planned — controls in active preparation |
These timelines represent current intentions and are subject to change based on business priorities and resource availability. They are not binding commitments. Customers will be notified when certifications are formally obtained, and this document will be updated accordingly.
Responsible Disclosure
We welcome and encourage responsible disclosure of security vulnerabilities.
Reporting
If you believe you have discovered a security vulnerability in the Apollo Deploy platform, please contact us at:
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact assessment
- Your contact information for follow-up
Our Commitments
- We will acknowledge receipt of vulnerability reports within [2] business days
- We will provide an initial assessment within [5] business days
- We will not pursue legal action against researchers who comply with this policy and act in good faith
- We will credit reporters (with consent) upon resolution
- We ask that reporters allow reasonable time for remediation before public disclosure (minimum [90] days)
Scope and Exclusions
The following are out of scope for responsible disclosure:
- Social engineering attacks against Personnel or Customers
- Denial of service attacks
- Physical security testing
- Attacks against third-party services not owned or operated by Apollo Deploy
- Automated vulnerability scanning without prior written authorization
- Testing against Customer accounts or data you are not authorized to access
Limitation of Liability
The security practices described in this document represent Apollo Deploy's current commitments and are implemented using commercially reasonable measures. This document:
- Does not constitute a warranty or guarantee that Security Incidents will not occur
- Does not expand liability beyond what is set forth in the Terms of Service
- Does not create obligations beyond those in the Customer's executed agreement
- Is subject to change as described in the "Changes to This Document" section below
Apollo Deploy's aggregate liability for security-related claims is governed by the limitation of liability provisions in the applicable Terms of Service or enterprise agreement.
Changes to This Document
Apollo Deploy reserves the right to update this document to reflect changes in our security practices, compliance status, legal requirements, or regulatory developments in any applicable jurisdiction.
- Material changes will be communicated to Customers via email notification or in-platform notification at least [30] days before taking effect
- Non-material changes (such as clarifications, formatting, or updates reflecting improved security posture) may be made without advance notice
- The "Last Updated" date at the top of this document reflects the most recent revision
- Previous versions are available upon request
- Continued use of the platform after the effective date of changes constitutes acceptance of the updated practices, unless the Customer objects in writing within the notification period
Contact
For security-related inquiries, reporting, or requests:
- Security Team: security@apollodeploy.com
- Privacy & Data Protection: privacy@apollodeploy.com
- Legal: legal@apollodeploy.com
- Data Protection Officer: dpo@apollodeploy.com (where required by applicable law)
For urgent security matters, please include "URGENT" in the subject line.
Governing Law & Jurisdiction
General
This document and the security practices described herein are intended to apply globally and to comply with the laws and regulations of all jurisdictions in which Apollo Deploy operates or in which its Customers are located.
Dispute Resolution
Unless otherwise specified in an executed enterprise agreement or required by mandatory local law:
- Any disputes arising from or relating to the security practices described in this document shall be governed by the laws of [Primary Jurisdiction, e.g., the State of Delaware, United States], without regard to conflict of law principles.
- The parties agree to attempt resolution through good-faith negotiation before pursuing formal proceedings.
- If negotiation is unsuccessful, disputes shall be resolved through binding arbitration administered by [arbitration body, e.g., the American Arbitration Association] under its then-current rules, unless the Customer is located in a jurisdiction where arbitration clauses are unenforceable, in which case disputes shall be resolved in the courts of competent jurisdiction.
Preservation of Local Rights
- Nothing in this document shall deprive any Customer of mandatory consumer protections, data protection rights, or other non-waivable rights available under the laws of their jurisdiction of residence or principal place of business.
- Where mandatory local law imposes obligations on Apollo Deploy that exceed those described in this document, Apollo Deploy will comply with such obligations to the extent they are applicable.
- To the extent any provision of this document conflicts with mandatory local law applicable to a Customer, that provision shall be modified to the minimum extent necessary to comply with such law, and all remaining provisions shall continue in full force and effect.
Regulatory Cooperation
Apollo Deploy will cooperate with data protection authorities and regulators in any jurisdiction where such cooperation is required by applicable law, including responding to inquiries, participating in audits (where legally mandated), and providing information necessary for regulatory oversight.
This document is provided for informational and contractual purposes. It should be read in conjunction with Apollo Deploy's Terms of Service, Privacy Policy, and Data Processing Agreement. In the event of any conflict, the order of precedence shall be: (1) the executed enterprise agreement (if any), (2) the Terms of Service, (3) the Data Processing Agreement, (4) this Security & Trust document, (5) the Privacy Policy.