ApyrunGet Started

Security

Last updated: December 18, 2025

TL;DR

  • All data encrypted in transit (TLS) and at rest
  • API secrets encrypted using industry-standard methods
  • Each user gets a dedicated execution environment
  • Environments have resource limits (CPU, memory, network)
  • User environments are isolated from each other
  • Continuous vulnerability scanning
  • Regular dependency updates
  • Payment details handled securely by Stripe (we never see your card)

Security is foundational to Apyrun. This page details the technical and organizational measures we implement to protect your data and code. For information about data handling, see our Data Policy.

While we implement industry-standard security practices, no system can guarantee absolute security. We continuously work to improve our security measures and promptly address any identified vulnerabilities.

Data Encryption

  • In transit – all connections use TLS encryption (HTTPS)
  • At rest – database and secrets encrypted using industry-standard methods
  • SSL certificates – automatically managed and renewed

Environment Isolation

Each user runs in a dedicated environment with appropriate security measures:

  • Separation – users are isolated from each other
  • Resource limits – fair usage limits prevent abuse
  • Restricted execution – code runs with appropriate security boundaries

Secret Management

Your API keys and credentials receive special protection:

  • Encrypted using industry-standard methods before storage
  • Decrypted only at runtime, in memory
  • Never written to logs or exported

Vulnerability Management

  • Continuous scanning – automated monitoring for vulnerabilities
  • Automated alerts – security issues trigger immediate notifications
  • Regular updates – dependencies updated promptly when issues are found
  • Infrastructure updates – systems maintained with security patches

Access Controls

  • Authentication – secure session management with HTTP-only cookies
  • API keys – scoped access for programmatic use
  • Admin access – restricted to essential personnel only
  • Audit logging – security-relevant actions are logged

Infrastructure

  • Hosting – EU-based servers
  • Rate limiting – protection against abuse
  • Firewall – only necessary ports exposed
  • Backups – regular database backups

Service Availability

We strive to maintain high availability of the Service. However, we cannot guarantee uninterrupted access. The Service may be temporarily unavailable due to:

  • Scheduled maintenance (we aim to notify in advance)
  • Security updates requiring immediate deployment
  • Circumstances beyond our control

Payment Security

Payment processing is handled entirely by Stripe. We never see, store, or process your credit card details. Stripe is PCI DSS Level 1 certified.

Reporting Security Issues

If you discover a security vulnerability, please report it responsibly to security@apyrun.io

Please include:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact

We take all reports seriously and will respond promptly.

Questions?

For security-related questions, contact security@apyrun.io