Security

At Appesco, security, confidentiality and availability are fundamental to the way we design, build and operate our platform. We understand that our customers trust us with sensitive business information, including contracts, financial records, employee information and operational data.

Last updated: May 14th, 2026


We continuously work to protect customer data through technical, organizational and operational safeguards designed to reduce risk and support secure business operations.

Infrastructure & Hosting

Appesco services are hosted using trusted infrastructure providers and modern cloud technologies designed for reliability, scalability and security.

Our infrastructure providers may include services such as:

  • Cloudflare - distributed CDN and Web Application Firewall
  • DigitalOcean
  • Hetzner
  • GitHub
  • Twilio/SendGrid

Where possible, customer data is hosted within the European Economic Area (EEA) or in jurisdictions with appropriate data protection safeguards.

Infrastructure environments are protected through multiple layers of security controls, including network segmentation, firewalls, restricted administrative access and continuous monitoring.

Data Protection

We apply security measures designed to protect customer data against unauthorized access, accidental loss, misuse, disclosure or destruction.

Our security practices include:

  • encryption in transit using HTTPS/TLS;
  • encrypted communication between services where applicable;
  • role-based access controls;
  • authentication and authorization mechanisms;
  • secure password handling;
  • access logging and monitoring;
  • environment isolation between systems;
  • backup and recovery procedures;
  • least-privilege access principles;
  • internal access restrictions to production systems.

Access to customer data is limited to authorized personnel who require access for operational, support or security purposes.

Application Security

Security is considered throughout the software development lifecycle.

Our practices include:

  • secure development practices;
  • code reviews;
  • dependency and vulnerability management;
  • security monitoring and logging;
  • patch and update management;
  • input validation and output sanitization;
  • authentication and session security controls;
  • protection against common web vulnerabilities;
  • infrastructure hardening.

Where applicable, Appesco follows industry-recognized security principles and practices inspired by frameworks such as:

  • OWASP recommendations;
  • ISO 27001 security principles;
  • ISO 27018 privacy principles;
  • GDPR data protection requirements.

Unless explicitly stated otherwise, references to standards or frameworks do not imply formal certification.

Access Control & Authentication

Access to Appesco systems and administrative environments is restricted and controlled.

Security controls may include:

  • strong password requirements;
  • role-based permissions;
  • restricted administrative privileges;
  • audit logging;
  • session management controls;
  • account protection mechanisms;
  • optional multi-factor authentication where available.

Customers are responsible for managing user access permissions within their own organization and for protecting their account credentials.

Monitoring & Incident Response

We monitor our infrastructure and services to detect operational issues, suspicious activity and potential security incidents.

In the event of a security incident, Appesco aims to:

  • investigate and contain the issue;
  • minimize operational impact;
  • assess affected systems and data;
  • notify affected customers where legally required;
  • implement corrective and preventive measures.

We maintain internal procedures for incident management and service recovery.

Backups & Availability

We maintain backup and recovery procedures designed to support business continuity and disaster recovery.

Backup practices may include:

  • scheduled backups;
  • encrypted backup storage where applicable;
  • infrastructure redundancy;
  • recovery testing and restoration procedures.

While we strive for high availability and resilience, no online service can guarantee uninterrupted operation.

Employee & Organizational Security

Access to sensitive systems and customer data is restricted to authorized personnel only.

Appesco personnel with access to operational systems are expected to follow internal security and confidentiality requirements, including:

  • confidentiality obligations;
  • access control procedures;
  • security awareness practices;
  • internal operational policies.

Data Processing & GDPR

For customer data processed through the Appesco platform:

  • customers generally act as the data controller;
  • Appesco generally acts as the data processor.

We process customer data only according to customer instructions, applicable agreements and legal obligations.

Appesco supports GDPR compliance through:

  • data processing agreements (DPAs);
  • organizational and technical safeguards;
  • controlled subprocessor management;
  • security and confidentiality measures;
  • assistance with applicable data protection obligations where required.

For more information, please review our Privacy Policy and Data Processing Agreement.

Subprocessors

Appesco may use carefully selected third-party providers to support hosting, infrastructure, analytics, email delivery, monitoring, support and other operational functions.

Where subprocessors process customer data on our behalf, we require appropriate contractual and security commitments designed to protect personal data and confidentiality.

Responsible Disclosure

If you believe you have discovered a security vulnerability affecting Appesco systems or services, please contact us responsibly at:

[email protected]

Please include:

  • a description of the issue;
  • affected systems or URLs;
  • reproduction steps where possible;
  • potential impact.

We ask that security researchers act responsibly and avoid activities that could harm our systems, services, customers or data.

Contact

For security-related questions or requests, contact:

[email protected]

Appesco

Appesco B.V.
Voorburg, 2275 AL, The Netherlands
KvK/CoC: 82619468
VAT: NL862541499B01