Draft. This document is placeholder copy and must be replaced with counsel-reviewed text before production. If you're a customer reading this in a deployed environment, please contact us for the binding version.

Security

Effective date: 2026-01-01

Architecture

AppGantry runs as separate public, marketing, and app surfaces so a routing bug in one cannot expose the others. Build artifacts on hosted plans live in geo-redundant (GRS) Azure Blob Storage. BYOSA orgs keep artifacts in their own Azure tenant.

Authentication

Email + password with bcrypt-cost hashing, email verification, and rate-limited login. Personal access tokens (PATs) are scoped and revocable. SSO/SAML on Business; Enterprise is coming soon.

Data in transit & at rest

TLS in transit. AES-256 at rest in Azure Blob Storage by default. Customer-managed keys (CMK) supported via BYOSA.

Tenancy isolation

Every database row is org-scoped; the API enforces org membership on every read and write. BYOSA further isolates artifact data at the cloud-tenant boundary.

Vulnerability reporting

Email security@appgantry.com for any vulnerability reports. We aim to acknowledge within one business day and to publish fixes for confirmed issues within an agreed disclosure window.

Subprocessors

Microsoft Azure (hosting, storage), Paddle (billing). Full list and SOC reports available on request.

Questions about this document? support@appgantry.com.