Security
Protecting your business and customers
When customers place orders or share their details with you, they are trusting your business. Apex makes sure that trust is never broken.
Key Benefits for Your Business
We have built security into the core of our platform so your team can focus on growth without worrying about downtime, data breaches, or lost revenue. These measures not only protect your business but also strengthen your reputation with every transaction.
Customer Trust
Reassure customers their personal and payment data is protected, increasing confidence and loyalty.
Regulatory Compliance
Meet data protection laws and industry standards without added complexity.
Business Continuity
Reduce risks of downtime, breaches, and revenue loss, ensuring seamless operations.
At-a-Glance
- Uptime SLA: 99.9%+
Recovery Point Objective (RPO): 24 hours by default; can be set to match your business needs. - Recovery Time Objective (RTO): ≤ 60 minutes
- Backups: file and database backups, and instance snapshots with custom frequencies, , custom retention periods, regular restore tests
- Public status page for real-time uptime and incident transparency
Security Highlights
The main areas covered by Apex that would be relevant to you are outlined below. This is not an exhaustive list and we can always implement additional security customisations as needed per your unique business requirements.
Cloudflare Protection
Your website is your storefront, and downtime means lost sales and damaged reputation. Apex relies on Cloudflare’s global protection network to keep your site fast, available, and secure even during unexpected traffic spikes or targeted attacks.
With a global Content Delivery Network for speed, a Web Application Firewall for filtering threats, and DDoS defence to stop large-scale disruptions, Apex ensures your customers enjoy a seamless shopping experience every time they visit. This combination reduces the risk of revenue loss and reassures your clients that they can depend on you at all times.
Passwords and User-Level Security
Not every member of your team needs the same level of access. Apex allows you to set roles and permissions, so staff only see and control what is relevant to their job. This reduces risk, prevents costly errors, and keeps sensitive information protected.
Combined with strong password policies and optional two-factor authentication, this means your business has full control over who can do what without slowing down day-to-day operations. You benefit from tighter control of sensitive processes, while your staff have the right level of access to work efficiently.
Backups
Mistakes and disruptions happen, but they should not stop your business. Apex provides automated, secure backups so your data can be restored if something goes wrong.
Backups give your business a reliable safety net, helping you keep operations running smoothly even when the unexpected occurs. This resilience reassures both your team and your customers that your site will always recover quickly.
Monitoring
Your business cannot afford blind spots. Apex uses continuous monitoring to detect threats and track activity in real time. If something unusual happens, it is flagged instantly, giving us the ability to act before it becomes a bigger issue.
This proactive approach protects your revenue and your customer relationships by reducing the risk of service interruptions or security breaches. With clear activity logs and oversight, you have greater transparency and confidence in how your site is performing.
Encryption
Trust is built on protecting customer information. With Apex, all data whether it is orders, payments, or personal details is encrypted in transit and at rest. In plain terms, that means it is locked and unreadable to anyone without permission.
This ensures compliance with data protection regulations and reassures your customers that their information is always safe with you. By protecting data at every stage, Apex helps you meet legal obligations and maintain customer confidence.
Isolated Environments
Each Apex environment is kept completely separate. This reduces risks during updates or testing and ensures your live store is never impacted by behind-the-scenes changes.
For your business, that means greater stability, fewer interruptions, and the confidence that your website will remain available to customers at all times. It provides a secure framework that keeps innovation and day-to-day operations working in harmony.
Immutable Deployments
Every change in Apex goes through a controlled, read-only deployment process. This makes it nearly impossible for unauthorised code changes to slip into your site.
For you, it means peace of mind knowing that your live store only runs approved, tested, and secure updates. This approach reduces vulnerabilities while ensuring your site evolves in a safe and predictable way.
Infrastructure & Network Security
- Cloudflare WAF and always-on DDoS protection with global CDN acceleration.
- Bot management and API rate limiting
- Segregated development, staging and production environments.
- Immutable deployment pipeline – only approved, tested code reaches production.
Data Security & Encryption
- TLS 1.2/1.3 enforced; HSTS and Perfect Forward Secrecy enabled.
- AES-256 encryption at rest
- Regular automatic key rotation.
- Tokenization available for payment data handled via PCI-compliant providers.
Identity & Access Management
- Role-based access control (RBAC) with least-privilege default roles.
- SSO (SAML/OIDC) and SCIM user provisioning for enterprise identity.
- Multi-factor authentication (MFA) enforced for privileged accounts.
- Tamper-evident audit logs (with custom retention periods) exportable to your SIEM.
Monitoring & Incident Response
- 24/7 monitoring for performance, availability and security anomalies.
- Automated alerting integrated into our incident response framework.
- Regular disaster recovery and tabletop exercises with documented actions.
- Transparent communications via status page and post-incident reports.
Application Security
- Secure SDLC: threat modeling, SAST/DAST, dependency/SBOM scanning, and secrets management.
- Annual third-party penetration testing with remediation tracking.
- Coordinated Vulnerability Disclosure policy and security@ contact.