Security & Compliance

How apitree protects your data

What we encrypt, where data lives, who can access what.

Data at Rest

  • API keys (BYOK + System): AES-256-GCM encryption with additional authenticated data (AAD). Master key held separately from the database.
  • Database: PostgreSQL on Supabase with encryption at rest (AES-256) provided by the underlying storage.
  • Logs: Request IDs + metadata only. Request/response bodies are NOT logged unless explicitly opted in.

Data in Transit

  • TLS 1.3 enforced on all endpoints. HSTS headers with 1-year max-age.
  • Certificate pinning: Cloudflare-managed certificates with automatic rotation.
  • Inter-service: All apitree internal services communicate over encrypted channels.

Access Control

  • Authentication: JWT (HS256) for dashboards + API keys (HMAC-SHA256 hashed) for programmatic access.
  • Role hierarchy: buyer / seller / admin / super_admin with enforced permission boundaries.
  • API key scopes: test vs live, rate limit tier, per-key daily quotas, rotation with 24h grace period.
  • Admin actions: All privileged operations (credit adjustments, credential writes, user role changes) logged to immutable audit log.
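
One way the hashed-key storage and 24h rotation grace period listed above can fit together, as an added example (not apitree's code). The server-side HMAC secret, the `ak_` key format, and the in-memory `KeyStore` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

GRACE = timedelta(hours=24)       # rotation grace period stated above
PEPPER = secrets.token_bytes(32)  # assumption: HMAC secret held outside the database


def digest(api_key: str) -> str:
    """HMAC-SHA256 of a presented key; only this value is persisted."""
    return hmac.new(PEPPER, api_key.encode(), hashlib.sha256).hexdigest()


class KeyStore:
    """Hypothetical in-memory stand-in for the API key table."""

    def __init__(self):
        self.rows = {}  # digest -> {"org_id", "scope", "retire_at"}

    def issue(self, org_id: str, scope: str) -> str:
        key = f"ak_{scope}_{secrets.token_urlsafe(32)}"  # constructed key format
        self.rows[digest(key)] = {"org_id": org_id, "scope": scope, "retire_at": None}
        return key  # returned once to the caller, never stored

    def verify(self, presented: str, now: datetime):
        row = self.rows.get(digest(presented))  # lookup by digest, not raw key
        if row is None:
            return None
        if row["retire_at"] is not None and now >= row["retire_at"]:
            return None  # grace window over: the rotated key is dead
        return row

    def rotate(self, old_key: str, now: datetime) -> str:
        row = self.verify(old_key, now)
        if row is None:
            raise PermissionError("unknown or retired key")
        if row["retire_at"] is None:  # a repeat rotation must not extend the window
            row["retire_at"] = now + GRACE
        return self.issue(row["org_id"], row["scope"])


if __name__ == "__main__":
    t0 = datetime(2026, 1, 1, tzinfo=timezone.utc)  # constructed timestamps
    store = KeyStore()
    old = store.issue("org_demo", "test")
    new = store.rotate(old, t0)
    print(store.verify(old, t0 + timedelta(hours=23)) is not None)  # inside grace
    print(store.verify(old, t0 + timedelta(hours=24)))              # retired
    print(store.verify(new, t0 + timedelta(days=7))["scope"])
```

A database dump of such a table yields only digests, which cannot be replayed as keys or checked offline without the separately held HMAC secret.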

Regulatory Alignment

  • GDPR-ready: Data subject access / deletion requests handled via Customer Operations admin page.
  • Korean PIPA (개인정보보호법): PII detection runs on registered APIs; Korean RRN / phone / account patterns are automatically flagged and maskable.
  • SOC 2 Type II: Preparation in progress. Audit target: v2.0 (Q3 2026).
  • Financial (KFSS 금융보안원): On-premises Connector Agent for banking partners who cannot move data to the cloud.

Multi-tenancy Isolation

  • Row-level: All tables scoped by org_id. Policy enforced in application layer + Postgres RLS for critical tables.
  • Rate limits: Per API key + per org. Multi-window (burst 10s / minute / daily).
  • BYOK: User-supplied keys only used for that user's proxy calls. Never shared, never logged.

Incident Response

  • Alerting: Slack #apitree-escalate on critical events (auth failures, circuit opens, credential changes, error rate spikes).
  • Self-healing: Schema drift auto-remediation, credential rotation prompts, 5-check Blue/Green deploy gate.
  • Monitoring: 10s real-time dashboard, 15min Vercel cron health checks, anomaly detection (3x/5x/10x baseline thresholds).

Contact

Security disclosure: [email protected]
DPA / vendor security questionnaires: [email protected]