Apeironix – Triforta

Apeironix Security Policy

Exhibit B to the Master Services Agreement

Apeironix maintains a comprehensive security program to protect Customer Content and ensure the confidentiality, integrity, and availability of the Services, in compliance with Applicable Data Protection Laws (e.g., CCPA, PIPEDA, and, where applicable, HIPAA). Key measures include:

  • Certifications and Audits: Annual SOC 2 Type II audits and penetration testing to validate security controls, with reports or summaries available to Customers upon request (per DPA Section 9).
  • Access Controls: Role-based access control (RBAC), multi-factor authentication (MFA), and least privilege principles enforced for all personnel and systems accessing Customer Content.
  • Secure Development Lifecycle (SDLC): Secure coding practices, regular code reviews, and vulnerability assessments integrated into the development of the AI Insurance Automation Platform.
  • Encryption: Data encrypted at rest (AES-256) and in transit (TLS 1.2/1.3) using AWS Key Management Service (KMS) with hardware security module (HSM)-backed keys.
  • Data Isolation: Customer Content isolated in AWS cloud environments using logical and physical separation to prevent unauthorized access.
  • Monitoring and Logging: Continuous monitoring and logging of security events to detect and respond to threats, with logs retained per the Data Retention Policy (MSA Section 2.4(c)).
  • Incident Response: Formal incident response program with defined processes for detection, containment, and notification of Personal Data Breaches without undue delay (as required by CCPA and PIPEDA), with prompt Customer notification (MSA Section 4.5).
  • Data Backup and Recovery: Regular automated backups stored securely, with periodic disaster recovery testing to ensure service availability.
  • Employee Training: Ongoing security awareness training for all personnel to mitigate insider risks and ensure compliance with security policies.
  • Subprocessor Security: Subprocessors (e.g., AWS) adhere to equivalent security standards, with agreements ensuring compliance (DPA Section 5).
  • Physical Security: AWS data centers employ physical security measures, including restricted access, surveillance, and environmental controls.
  • Change Management: Controlled change management processes to ensure platform updates do not introduce vulnerabilities.
  • Third-Party Testing: Regular security assessments of third-party applications and infrastructure to address integration risks (MSA Section 3.3(e)).


1. Electronic Notices and Communications.

Customer consents to receive any agreements, notices, disclosures, and other communications (collectively, “Notices”) from Apeironix electronically, including via email or by posting on the Platform or website. Customer agrees that all Notices provided electronically satisfy any legal requirement that such communications be in writing. Customer is responsible for maintaining a valid email address and ensuring delivery of Notices. Unless otherwise specified, Notices will be deemed given when sent by email or posted online.

2. No Agency or Employment Relationship.

Nothing in this Security Policy creates any agency, partnership, joint venture, employer-employee, or franchisor-franchisee relationship between Customer and Apeironix. Neither Party is authorized to act on behalf of the other or bind the other to any obligation.

3. Contacting Us.

If Customer has any questions about this Security Policy or the security of the Services, please contact:

Apeironix Inc.
Email: legal@apeironix.com
Phone: (888) 508-9495
Address: 6195 Ridgeview Ct., Suite F, Reno, NV 89519

By using our Services, you acknowledge that you have read and understood this Security Policy and agree to be bound by it.