Aperture Systems

Security & Compliance Overview

Verified

Company Overview

Cloud-native workflow automation platform delivering enterprise-grade reliability, security, and analytics.

Founded
2021
Employees
50-100
Industry
Enterprise Software
Website
Visit
Trust Score
Overall compliance rating
92%
Based on 4 certifications and 5 controls

Security Metrics

99.95%
Uptime SLA
Last 12 months
24/7
Security Monitoring
Real-time threat detection
AES-256
Data Encryption
At rest and in transit
4x Daily
Backup Frequency
Automated with 30-day retention

Certifications & Compliance

SOC 2 Type II
certified

Comprehensive audit of security, availability, and confidentiality controls

Issued:March 2024
Expires:March 2025
Auditor:Deloitte & Touche LLP
ISO 27001
certified

International standard for information security management systems

Issued:June 2024
Expires:June 2027
Auditor:BSI Group
HIPAA Compliance
in progress

Healthcare data protection compliance - audit scheduled for Q4 2025

PCI DSS
planned

Payment card industry data security standard - planned for 2026

Security Controls

Access Control

Multi-Factor Authentication

Required for all administrative access and optional for end users

implementedLast reviewed: Jun 2025

Role-Based Access Control

Principle of least privilege with regular access reviews

implementedLast reviewed: Jun 2025
Data Protection

End-to-End Encryption

AES-256 encryption for data at rest and TLS 1.3 for data in transit

implementedLast reviewed: May 2025
Infrastructure Security

Vulnerability Management

Weekly automated scans with 48-hour remediation SLA for critical issues

implementedLast reviewed: Jun 2025
Business Continuity

Incident Response Plan

24/7 incident response team with defined escalation procedures

implementedLast reviewed: May 2025

Audit Reports

SOC 2 Type II Audit

passed

Clean audit with no material weaknesses identified. All security controls operating effectively.

Date: March 2025Auditor: Deloitte & Touche LLP

Penetration Testing

passed with-recommendations

No critical vulnerabilities found. 2 medium-risk items identified and remediated.

Date: May 2025Auditor: CyberSec Solutions

Software Licenses & Dependencies

4
Low Risk Licenses
0
Medium Risk Licenses
0
High Risk Licenses
0
Total Vulnerabilities
License Inventory
Complete list of software dependencies and their licenses
SoftwareLicenseTypeRiskPurposeVulnerabilities
React
v18.2.0
MITpermissivelowFrontend UI framework0
Next.js
v15.2.3
MITpermissivelowWeb application framework0
PostgreSQL
v16.3
PostgreSQL LicensepermissivelowPrimary database0
Redis
v7.2.5
BSD-3-ClausepermissivelowCaching and session storage0

Data Collection & Processing

Data Collectors

Google Analytics 4

analytics

Website usage analytics and performance monitoring

Data Types: Page views, User interactions, Device information
Retention: 26 months
Location: United States
Opt-out: Available3rd Party Sharing: Yes

Sentry Error Tracking

monitoring

Application error monitoring and performance tracking

Data Types: Error logs, Performance data, User session data
Retention: 90 days
Location: United States
Opt-out: Not Available3rd Party Sharing: No

Data Processing Activities

User Account Management

Legal Basis: Contract performance
Data Types: Personal identifiers, Contact information, Account credentials
Data Subjects: Customers, Prospects
Recipients: Internal staff, AWS (hosting)
Retention: Account lifetime + 7 years
Cross-border Transfers:No

Product Analytics

Legal Basis: Legitimate interest
Data Types: Usage data, Feature interactions, Performance metrics
Data Subjects: Customers
Recipients: Internal product team, Google Analytics
Retention: 26 months
Cross-border Transfers:Yes(Standard Contractual Clauses)

Third-party Integrations & Vendors

2
Low Risk Vendors
1
Medium Risk Vendors
0
High Risk Vendors
Amazon Web Services (AWS)
infrastructurelow risk

Cloud infrastructure hosting and services

Data Shared: Application data, User data, System logs
Location: United States (us-east-1, us-west-2)
Contract Type: BAA
Security Assessment:completed
Last Reviewed: 2025-05-01
Stripe
businesslow risk

Payment processing and billing

Data Shared: Payment information, Customer billing data
Location: United States
Contract Type: DPA
Security Assessment:completed
Last Reviewed: 2025-04-15
Datadog
monitoringmedium risk

Infrastructure monitoring and alerting

Data Shared: System metrics, Application logs, Performance data
Location: United States
Contract Type: DPA
Security Assessment:completed
Last Reviewed: 2025-05-22

Business Continuity & Insurance

Business Continuity Plans

Disaster Recovery Plan

RTO: 4 hours
RPO: 1 hour
Last Tested: May 2025
Test Results:passed
Backup Locations: AWS us-west-2, AWS eu-west-1

Incident Response Plan

RTO: 1 hour
RPO: 15 minutes
Last Tested: June 2025
Test Results:passed
Backup Locations: 24/7 SOC, On-call engineering team

Insurance Coverage

Cyber Liability Insurance

Coverage: $5,000,000
Provider: AIG
Expires: December 31, 2025

Professional Liability (E&O)

Coverage: $2,000,000
Provider: Hiscox
Expires: March 15, 2026

Support Service Level Agreements

Enterprise Support
Response Time:1 hour
Resolution Time:4 hours
Availability:24/7/365
Channels:
PhoneEmailChatDedicated Slack
Escalation:

Automatic escalation to engineering team after 2 hours

Business Support
Response Time:4 hours
Resolution Time:24 hours
Availability:Business hours (9 AM - 6 PM EST)
Channels:
EmailChatSupport Portal
Escalation:

Manual escalation available upon request

Security & Compliance Contact

For detailed compliance documentation, audit reports, or security inquiries

Last Updated: July 1, 2025
Last Audit: May 2025
Next Audit: September 2025

This trust page is generated and maintained by Aperture Systems. All information is current as of July 1, 2025.