Security & Trust

Aperys is built for multi-tenant isolation, auditability, and enterprise readiness. From row-level security to role-based access controls, our architecture is designed to ensure that each tenant's data remains isolated, traceable, and protected.

Tenant Isolation by Design

Every Aperys tenant is logically isolated at the database layer.

All application queries are scoped by tenant identifier
Postgres Row-Level Security (RLS) policies enforce tenant boundaries
Cross-tenant access is prevented at the database level, not just in application code
Referential constraints ensure records cannot reference data outside their tenant

This means data isolation is not dependent on UI filtering or business logic alone: it is enforced at the storage layer.

Role-Based Access Control

Access to data and functionality is governed by explicit roles.

Tenant-scoped roles (e.g., recruiter, hiring manager, admin)
Principle of least privilege applied to user permissions
Role checks enforced in both application logic and database policies

Administrative access is separated from tenant user access. Elevated privileges are intentionally limited and auditable.

Built-In Audit Trails

Operational transparency is a core principle of the platform.

Critical actions are recorded in structured audit logs
Events capture who performed the action and when
Administrative actions are traceable

Auditability supports internal accountability and external compliance workflows.

Data Protection & Handling

We implement foundational data protection practices:

Encryption in transit via HTTPS/TLS
Data stored in managed infrastructure with encryption at rest
Environment separation of databases to prevent production data being used in development
Secrets managed via environment variables and restricted access controls

We continuously evaluate infrastructure and operational controls as the platform scales.

Reliability & Operational Discipline

The platform is built on modern managed infrastructure designed for availability and resilience.

Managed database hosting
Automated backups
Environment isolation
Monitoring and alerting at the infrastructure layer

As the platform matures, additional formal controls (e.g., structured security reviews, third-party audits) will be introduced in alignment with customer requirements.

Data Ownership & Lifecycle

You retain ownership of your data.

Tenant data remains logically isolated
Data export capabilities are supported
Upon termination, data handling follows contractual and policy terms

For detailed terms governing data processing and sub-processors, please refer to: Privacy Policy, Terms of Service, and Data Processing Addendum (DPA).

Security Review & Questionnaires

We can support vendor security reviews and provide documentation on request.

Frequently Asked Questions

Is my data isolated from other tenants?

Yes. Tenant isolation is enforced at the database level using Row-Level Security policies. Application logic alone does not determine access boundaries.

Can a user ever access another tenant's data?

No. Database constraints and policies prevent cross-tenant access. Even platform roles do not bypass tenant-scoped access unintentionally.

Do you maintain audit logs?

Yes. Critical actions are recorded with actor and timestamp information. Versioned documents use append-only semantics to preserve history.

Is data encrypted?

All traffic is encrypted in transit using HTTPS/TLS. Data is stored on managed infrastructure with encryption at rest.

Where is data hosted?

Data is hosted in managed cloud infrastructure. Specific hosting regions can be disclosed as needed for customer compliance requirements.

Do you support a Data Processing Addendum (DPA)?

Yes. A DPA is available and outlines data processing responsibilities and sub-processor transparency.

Do you support SSO?

Single Sign-On support is on the roadmap and may be available based on deployment configuration and roadmap priorities.

What happens if there is a security incident?

We follow structured incident response practices, including investigation, containment, remediation, and communication as required by contractual obligations.

Can customers export their data?

Yes. The platform supports structured data exports to ensure customer control and portability.

Enterprise Engagement

If you have specific security, compliance, or architectural requirements, we are happy to engage directly with your security or IT teams to review posture, documentation, and roadmap alignment.