We treat your data the way we'd want our own treated. Distributors store payment info, customer lists, and pricing — we know the cost of getting this wrong, so we engineered for it from day one.
Compliance posture
How we protect your data
Encryption
All traffic is encrypted in transit with TLS 1.2+. Data at rest is AES-256 encrypted on AWS / GCP managed disks. Production database backups are encrypted with separately managed keys.
Access controls
Role-based access control across the product. Production systems require MFA + SSO. The principle of least privilege governs every internal grant; access is reviewed quarterly.
Vulnerability management
Static analysis on every commit. Weekly automated dependency scans. Critical issues patched within 24 hours; high issues within 7 days.
Backups & DR
Continuous WAL backup with point-in-time recovery to any second within the past 14 days. RPO < 5 minutes, RTO < 4 hours. Quarterly restoration drills.
Personnel
All employees pass a background check. Annual security training. Production access is granted only as needed for a specific task and revoked when complete.
Incident response
24/7 on-call rotation. Documented runbooks. Status updates published to status.apfoodz.com within 15 minutes of any P0 incident.
Tenant isolation
APFoods is multi-tenant — every tenant's data lives in the same database but is isolated by row-level scoping enforced in code, in queries, and in tests. Cross-tenant queries are impossible without explicit superuser intent.
Reporting a vulnerability
Found something? We want to know. Email admin@apfoodz.com with details. Critical issues get a same-day response.
Pen-test history
We engage a third-party pen-tester annually. Reports are available under NDA on request to admin@apfoodz.com.