Built for manufacturing.
Backed by enterprise-grade security.
Trust & Security

Apiphany is a software company that builds the world's leading software for data-driven decision-making for physical products. We work with clients in the most secure and highly regulated manufacturing companies and build software for their most sensitive data. Today, security remains the cornerstone of our product development, company culture, and internal operations.

Apiphany cares deeply about the security outcomes of our clients, and we’re committed to transparency about our security practices and program. We stand resolute in continuously improving our security, data protection, and privacy controls to give you the most effective means of protecting your data possible.

Apiphany goes a step beyond by aligning with industry-leading standards like SOC 2 Type II, ISO/IEC 27001:2022, NIST, GDPR, and CCPA to protect sensitive data and operations. 

SOC 2 Type II (In Audit)

Apiphany is SOC 2 Type II certified, ensuring compliance with AICPA standards for security, availability, and confidentiality. This assessment validates Apiphany’s controls for data protection, access management, and system integrity, reinforcing its commitment to enterprise security.

ISO/IEC 27001:2022

Apiphany is compliant with ISO/IEC 27001:2022 — the most current internationally recognized standard for information security management systems (ISMS). This certification demonstrates our dedication to protecting sensitive data, managing risk proactively, and continuously improving our security practices. By aligning with ISO/IEC 27001, we ensure that our processes, infrastructure, and policies meet rigorous global standards, giving our clients confidence that their information is handled with the utmost integrity and security.

NIST SP 800-171

Apiphany is fully compliant with NIST SP 800-171, meeting 110 security controls to safeguard Controlled Unclassified Information (CUI). This framework ensures data confidentiality and integrity across areas like access control, configuration management, and incident response.

Cloud Infrastructure: Azure Government Cloud and AWS GovCloud

Apiphany offers multiple deployment methods, including Azure Government Cloud and AWS GovCloud (US), to provide a secure, isolated environment for managing sensitive and regulated data.

Government Cloud meets the stringent standards required by U.S. government agencies, ensuring compliance with federal regulations while delivering robust security measures to protect your data. Apiphany works with Secureframe to certify our compliance and conduct regular up-to-the-minute performance checks to ensure the highest standards. To see detailed information.

Overview

Apiphany ensures reliability, compliance, and the highest standards of data protection. Below is an overview of our security measures.

Infrastructure Security

Apiphany restricts access to production systems and data to authorized personnel using unique credentials, multi-factor authentication, and encrypted connections. Network segmentation, firewalls, and strict access controls protect customer data, with clear procedures for onboarding, revoking access, and ensuring compliance. For more information, contact Apiphany directly.

Organizational Security

Apiphany enforces security through background checks, annual training, asset inventories, and mobile device management. Visitor procedures and secure media disposal are standard, with anti-malware protections and password policies ensuring compliance.

Product Security

Apiphany ensures product security through encryption of sensitive data at rest and in transit, regular penetration testing, and continuous vulnerability management. Annual control assessments and system monitoring ensure policies are effective and updated as needed.

Internal Security Procedures

Apiphany has internal security measures in place, including Business Continuity and Disaster Recovery plans, risk assessments, and vendor management programs. Change management, configuration consistency, and a formal development lifecycle ensure operational stability, while access to sensitive systems and data centers is tightly controlled and reviewed regularly. Incident response plans are documented, tested annually, and communicated effectively, alongside policies for vulnerability management and risk mitigation.

Data and Privacy

Apiphany upholds strict data retention and classification policies to safeguard customer information. Data is securely retained and disposed of according to formal procedures, while a classification policy ensures confidential data is protected and accessible only to authorized personnel. Role-Based Access Controls (RBAC) are enforced across all infrastructure, tools, and data sources, following the principle of least privilege to ensure users have only the minimum access necessary to perform their responsibilities.

ISMS Policy Overview

Purpose

The scope of this policy relates to the use of the database and computer systems operated by Apiphany. It also relates, where appropriate, to external risk sources, including functions that are outsourced.

  • Apiphany systematically evaluates information security risks, taking into account the impact of threats and vulnerabilities.
  • Apiphany designs and implements a comprehensive suite of information security controls and other risk management measures to address customer and architectural concerns.
  • Apiphany has an overarching management process to ensure that the information security controls meet needs when addressing ongoing security risks.
  • Engineering & Technical
  • Business Operations
  • Product Management
  • Support Functions