Apresly is committed to maintaining the highest operational standards in systems and processes to protect personal data in accordance with good industry practice. For your information, we have provided the main aspects of our security practices below.

1. Data Minimization, Access Control and Employee Education

1.1. Apresly collects and processes only the personal data that is necessary to provide the services.

1.2. Access to Customer Data is provided by Apresly only to employees with a justified need for access or performing a role that requires such access.

1.3. Apresly employees are trained in security best practices that enable them to identify instances of Customer Data Breach and take necessary action.

2. Business Continuity

2.1. Apresly maintains business continuity and implements backup plans to minimize service losses and comply with applicable regulations.

2.2. The backup plan takes into account risks to services and any dependencies and has an established procedure for restoring access to and use of services.

2.3. The backup plan is tested at regular intervals.

3. Data Security

3.1. Apresly maintains technical safeguards and other security measures to ensure the security and confidentiality of Customer Data.

3.2. Apresly’s system is multi-tenant, therefore data is separated for users/accounts with appropriate isolation.

3.3. Apresly uses reputable cloud providers that have security certifications, ensuring the security of Customer Data.

4. Encryption and Key Management

4.1. Apresly ensures security through SSL/TLS protocols and encryption.

4.2. Apresly applies encryption at rest and in transit between public networks, in accordance with industry standard practices.

5. Data Transfer to Sub-Processors

5.1. Where Sub-Processors process Personal Data, Apresly shall ensure that these Sub-Processors are service providers with whom Apresly has entered into an agreement on terms substantially similar to this DPA. Apresly conducts appropriate due diligence checks of its Sub-Processors.