At Apiary, the security of your data is a core priority. We implement industry-standard measures to protect your personal information, account credentials, and beekeeping data. This page outlines our security practices.

Encryption in Transit

All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).

Password Hashing

Passwords are hashed using strong, one-way algorithms. We never store plain-text passwords.

Access Control

Personal data access is restricted to authorized personnel with a legitimate business need.

HTTPS / TLS Encryption

All connections to apiary.web.id are served over HTTPS using Transport Layer Security (TLS). This means all data exchanged between your browser and our servers—including login credentials, personal information, and beekeeping data—is encrypted in transit and protected from interception or tampering.

We enforce HTTPS for all pages, API endpoints, and assets served by our platform. HTTP requests are automatically redirected to HTTPS.

Authentication Security

Password Policy

We require a minimum password length of 8 characters. We encourage users to choose strong, unique passwords. Passwords are stored using bcrypt or equivalent one-way cryptographic hashing with per-user salts.

Login Protection

We monitor login activity for signs of unauthorized access. When a sign-in is detected from a new device or unfamiliar location, we send an automated security notification to the account's registered email address. This allows you to take immediate action if the login was not authorized.

Session Management

User sessions are managed using secure, HTTP-only cookies. Sessions expire after a period of inactivity. You can manually sign out from all devices through your Account Settings.

Data Storage & Infrastructure

Our platform is hosted on secure cloud infrastructure with:

Email Security

We use Amazon SES for email delivery with the following security practices:

For more details, see our Email Communication Policy.

Financial Data

We do not store payment card information on our servers. All payment processing is handled by PCI DSS-compliant third-party payment providers. Your payment details are transmitted directly to the payment processor over an encrypted connection.

Security Monitoring & Incident Response

We maintain monitoring systems to detect and respond to potential security incidents. In the event of a data breach affecting your personal information, we will notify affected users via the email address on file within the timeframe required by applicable regulations.

Third-Party Services

We carefully evaluate third-party services we integrate with. All service providers are contractually required to maintain security standards compatible with our own. Key service providers include:

Reporting Security Issues

If you discover a security vulnerability, please report it responsibly by emailing security@apiary.web.id. We take all reports seriously and will respond promptly. Please do not publicly disclose the issue before we have had a reasonable opportunity to address it.

Your Role in Security

While we implement robust security measures, account security is a shared responsibility. We recommend:

Contact

For security-related inquiries, contact us at security@apiary.web.id. For general questions, visit our Contact page.