At Apiary, the security of your data is a core priority. We implement industry-standard measures to protect your personal information, account credentials, and beekeeping data. This page outlines our security practices.
Encryption in Transit
All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
Password Hashing
Passwords are hashed using strong, one-way algorithms. We never store plain-text passwords.
Access Control
Personal data access is restricted to authorized personnel with a legitimate business need.
HTTPS / TLS Encryption
All connections to apiary.web.id are served over HTTPS using Transport Layer Security (TLS). This means all data exchanged between your browser and our servers—including login credentials, personal information, and beekeeping data—is encrypted in transit and protected from interception or tampering.
We enforce HTTPS for all pages, API endpoints, and assets served by our platform. HTTP requests are automatically redirected to HTTPS.
Authentication Security
Password Policy
We require a minimum password length of 8 characters. We encourage users to choose strong, unique passwords. Passwords are stored using bcrypt or equivalent one-way cryptographic hashing with per-user salts.
Login Protection
We monitor login activity for signs of unauthorized access. When a sign-in is detected from a new device or unfamiliar location, we send an automated security notification to the account's registered email address. This allows you to take immediate action if the login was not authorized.
Session Management
User sessions are managed using secure, HTTP-only cookies. Sessions expire after a period of inactivity. You can manually sign out from all devices through your Account Settings.
Data Storage & Infrastructure
Our platform is hosted on secure cloud infrastructure with:
- Physical data center security (access controls, monitoring, redundancies)
- Regular automated backups to prevent data loss
- Database encryption for sensitive data at rest
- Network-level firewalls and intrusion detection
Email Security
We use Amazon SES for email delivery with the following security practices:
- SPF (Sender Policy Framework): Authorizes only our servers to send email from the apiary.web.id domain
- DKIM (DomainKeys Identified Mail): Digitally signs outgoing emails to verify authenticity
- DMARC: Domain-based Message Authentication policy to prevent email spoofing
- TLS: Emails are transmitted using TLS encryption between mail servers
For more details, see our Email Communication Policy.
Financial Data
We do not store payment card information on our servers. All payment processing is handled by PCI DSS-compliant third-party payment providers. Your payment details are transmitted directly to the payment processor over an encrypted connection.
Security Monitoring & Incident Response
We maintain monitoring systems to detect and respond to potential security incidents. In the event of a data breach affecting your personal information, we will notify affected users via the email address on file within the timeframe required by applicable regulations.
Third-Party Services
We carefully evaluate third-party services we integrate with. All service providers are contractually required to maintain security standards compatible with our own. Key service providers include:
- Amazon Web Services (AWS): Cloud infrastructure and email delivery (Amazon SES)
- Payment processors: PCI DSS-compliant services for subscription billing
Reporting Security Issues
If you discover a security vulnerability, please report it responsibly by emailing security@apiary.web.id. We take all reports seriously and will respond promptly. Please do not publicly disclose the issue before we have had a reasonable opportunity to address it.
Your Role in Security
While we implement robust security measures, account security is a shared responsibility. We recommend:
- Use a strong, unique password for your Apiary account
- Do not share your account credentials with others
- Enable any additional security features we may offer in the future (e.g., two-factor authentication)
- Keep your email account secure, as it is used for password recovery
- Review account activity periodically and report any suspicious behavior
Contact
For security-related inquiries, contact us at security@apiary.web.id. For general questions, visit our Contact page.