Last updated - January 30, 2023

  • Do you follow the EU privacy laws?

    Apigale is able to demonstrate compliance with the seven protection and accountability principles outlined in Article 5.1-2 of the GDPR upon request. (What is GDPR?)

  • How does Apigale manage data, protect customer data and govern customer data?

    There is a clear separation between private and public data models, which makes it clear which data is shared with other users and which is accessible only by the data owner. This implements the “security by design” principle. Access to any data requires authentication; authorisation to access is determined by the defined processes.

  • What are the types of data stores/databases/data repositories used in the system?

    Apigale uses PostgreSQL as the primary database and datastore. For the Server Deployment, access to the PostgreSQL database can be arranged depending on client security for data modelling and/or extraction.

  • What type of data might you store?

    All API Specifications, API Endpoints, Environments, and Client Applications are stored in the database. Secure items such as passwords are all hashed on entry and are not human-readable (AES-256-GCM/Salted Scrypt).

  • What happens to data stored when customers terminate their usage of Apigale?

    Cloud: all the data is removed from the Apigale Servers.
    Server: As the server is most typically hosted and managed by the customer, when the service is terminated, the customer can destroy the machine and all data, extract backups and destroy the data, or retain the data as is.

  • What cryptographic protocols are used to secure client data at rest?

    256-bit AES in GCM mode is used to prevent tampering and to secure environment variables at rest.