Apex protects construction's most sensitive financial data. Here's the proof — certifications, controls, sub-processors, and downloadable artifacts your security team needs.
All certifications independently audited and renewed on schedule.
Audited annually by an independent CPA firm. Covers Security, Availability, Confidentiality.
Information security management system certification. Re-audited every 3 years.
EU data residency, Data Processing Agreement, Right to Erasure, breach notification.
California Consumer Privacy Act. Do-not-sell controls and verified deletion requests.
Business Associate Agreement available for healthcare GCs on Enterprise plan.
All payment data handled by Stripe (Level 1 PCI service provider). Apex never sees card data.
Defense in depth across infrastructure, application, and identity.
TLS 1.3 in transit. AES-256 at rest. Field-level encryption for SSN, EIN, bank routing & account numbers.
TOTP, WebAuthn / FIDO2 passkeys, and SAML SSO with SCIM provisioning on Enterprise.
Every read, write, and admin action recorded. Exportable to CSV or streamed to SIEM via webhook.
Multi-AZ deployment, automated failover, RPO < 5 min, RTO < 1 hour. Quarterly DR exercises.
Choose US or EU at workspace creation. Data never crosses the boundary you select.
Logical isolation enforced by Row-Level Security policies on every table. Dedicated DB available on Enterprise.
Vendors that process customer data on our behalf. Notification 30 days before any addition.
| Vendor | Purpose | Region |
|---|---|---|
| Amazon Web Services | Primary cloud infrastructure | US-East / EU-West |
| Supabase | Managed PostgreSQL + Auth | US / EU multi-region |
| Stripe | Payment processing | US, PCI Level 1 |
| Cloudflare | CDN, DDoS, WAF | Global edge |
| Sentry | Error monitoring | US-West |
| OpenAI / Google AI | LLM inference (opt-in) | US, zero-retention |
Available under NDA to qualified prospects. Sign in or contact us for instant access.
| Document | Format | Size | Access |
|---|---|---|---|
| SOC 2 Type II Report | PDF | 4.2 MB | Under NDA |
| ISO 27001 Certificate | PDF | 380 KB | |
| Penetration Test Summary | PDF | 1.1 MB | Under NDA |
| Data Processing Agreement | PDF | 220 KB | |
| Business Continuity Plan | PDF | 680 KB | Under NDA |
| Standard Security Questionnaire (CAIQ-Lite) | XLSX | 95 KB | |
Service credits applied automatically if monthly uptime falls below targets. Real-time status published at status.billslash.com. Incident post-mortems published within 5 business days.