Trust center

Security and operational readiness for social API infrastructure.

Meinich Bache Apionics operates Apionics, an API-first platform for publishing, account management, and workflow control across supported social platforms. This page documents the controls that are live today and the trust work planned before broader enterprise rollout.

API key hashingEncrypted tokensAudit logsData deletion

Credential handling

Dashboard passwords are hashed, API keys are stored as one-way hashes, and platform credentials are encrypted before storage.

Transport security

Apionics is served over HTTPS, uses signed session cookies, and keeps API credentials out of browser-side examples.

Auditability

Security-sensitive actions such as login, account changes, API key creation, revocation, and password reset attempts are written to audit logs.

Current status

Available today, with enterprise documents in progress.

Apionics currently documents practical controls directly in the product: platform availability, audit logs, API key handling, token status, and data deletion. Formal procurement documents such as a DPA, subprocessor list, and security questionnaire are planned as the platform moves beyond early access.

Early access

Live controls

  • Instagram and Facebook platform status is separated from planned platforms
  • API keys are reveal-once and can be revoked from the workspace
  • Platform tokens and private credentials are encrypted before storage
  • Workspace data deletion process is available

Operational controls

  • Audit logs are visible inside the workspace
  • Token expiry warnings are surfaced in the dashboard
  • System status page separates live platform coverage from rollout plans
  • Recovery-key password reset is available for owner access

Roadmap

  • Formal DPA and subprocessor register
  • Security questionnaire package
  • Documented incident response policy
  • SOC 2 readiness work after public launch

Contact & escalation

Meinich Bache Apionics will establish dedicated security, privacy, and incident-response contact channels before public launch. Early customers and platform reviewers can use existing founder/operator channels while formal inboxes are being prepared.

Contact channels coming soon

Subprocessors

Formal subprocessor documentation is in progress. Future entries should list provider name, purpose, region, and data category before onboarding.

Security contact

A dedicated security contact will be published before public launch for responsible disclosure and incident coordination.