Security Measure Commitments
At AppsFlyer, we are committed to protecting the confidentiality, integrity and availability of customers’ data. To achieve this, we have implemented a number of organizational and technical measures, as well as physical and policy-based measures to secure our platform and safeguard our customer’s data as specified below. AppsFlyer may update the measures from time to time, without notice (except where there is a degradation in the level of security), to meet evolving industry standards, regulations or controls and as deemed necessary by AppsFlyer to maintain and provide the services to customers in a secure manner.
AppsFlyer maintains a comprehensive security program. Under its security program, AppsFlyer continuously monitors for potential risks and implements appropriate controls to maintain the security and confidentiality of customer data and to protect it from known or reasonably anticipated threats or hazards. The security program is regularly reviewed by a dedicated security team to ensure its effectiveness. The security team is tasked with maintaining the company’s security systems, developing security review policies and procedures, developing appropriate security infrastructure and performing appropriate security awareness and compliance training to relevant personnel. The security team regularly reviews security plans for all networks, systems and services, monitors for suspicious activity on AppsFlyer’s networks, addresses information security threats, performs routine security evaluations and audits, and performs regular security assessments.
AppsFlyer employs a software development lifecycle based on recognized industry security standards and which includes: (i) change management procedures to ensure that there is no adverse impact on security when changes are performed; (ii) regular code reviews, including through automated static code scanning; and (iii) periodic (at least annually) penetration testing.
AppsFlyer maintains a formal process for granting, modifying, and revoking user access rights to its various systems including production systems. Access controls are based on job function and role using the concepts of least-privilege and need-to-know. Access is provided through the use of unique ID’s and a complex password policy.
AppsFlyer utilizes encryption technologies for customer data, as appropriate, in transit and rest. Traffic transferred to AppsFlyer over https is encrypted using TLS1.2 encryption with minimum key length of 128 bits (or similar). Customer data is encrypted at rest on our databases through AES256 bit (or similar).
AppsFlyer utilizes multi-layered controls to help protect its infrastructure. AppsFlyer utilizes a wide range of tools to monitor its environment across data centers on both the server and application level. Parameters are collected and aggregated at a central location using redundancy to detect anomalies, trends, threshold crossing, etc. AppsFlyer utilizes industry standard tools (Firewall, AWS WAF, AWS, DDoS protection, and API protection tools) to protect against various network threats and vulnerabilities.
AppsFlyer’s hosting services (AWS and Google Cloud) maintain various physical security measures over their data hosting locations including: (i) controlled access and 24 hour security; (ii) surveillance measures; (iii) room security measures (e.g biometric access); (iv) multiple power feeds; and (v) fire detection and suppression systems.
AppsFlyer performs regular certification and third party audits of its security program (ISO 27001, SOC2 etc.). Please visit our security hub for more information. AppsFlyer may make available to customers, upon request and subject to confidentiality obligations, its certifications or third party audit reports (SOC2).