Appwrite helps you build secure apps by applying various security and compliance measures. Appwrite is compliant with GDPR and HIPAA while actively working toward SOC 2 compliance.
Appwrite also employs enhanced password protection and encryption, rate limits, robust permission systems, and HTTPS/TLS to protect you and your users' data.
Compliance
The safeguarding of your and your users' data is taken seriously at Appwrite. Appwrite works to achieve compliance with a variety of standards to protect sensitive data, as well as maintain trust and credibility.
GDPR
Appwrite is GDPR compliant. Learn about our measures, privacy policy, and find our data processing agreement.
PCI
Appwrite uses Stripe to handle payment and payment information securely. Learn about Appwrite's PCI compliance.
SOC 2
Coming soon
HIPAA
Appwrite is HIPAA compliant. Learn about how Appwrite's measures to protect personal health information.
Measures
Appwrite employs a variety of measures to help you build secure applications, faster. Learn about the different ways Appwrite protects you and your users' data and privacy.
Authentication
Secure authentication methods to protect your users and promote better passwords.
Encryption
Appwrite encrypts sensitive data and files in Appwrite Databases and Storage.
HTTPS
Appwrite Cloud enforces HTTPS on all endpoints to prevent on-path attacks like packet sniffing.
TLS
Appwrite assigns TLS certificates on all Appwrite and user provided domains connected to Appwrite.
Backups
Appwrite Cloud uses regular backups to prevent data loss and improve resiliency.
Penetration tests
Appwrite employs regular third-party penetration tests to find vulnerabilities.
Audit logs
Appwrite provides detailed audit logs for each product to track and discover suspicious activity.
Abuse protection
Appwrite protects against common abuse methods like DoS and brute-force attacks.
Reporting vulnerabilities
If you discover security vulnerabilities, please contact us at security@appwrite.io. Please avoid posting a public issue on GitHub or elsewhere online to prevent malicious actors from abusing the vulnerabilities before the Appwrite team has chance to patch the issue.