Trust & Security at AppPack

We help teams deploy to their own AWS account. Your application data, secrets, and code stay in your account; AppPack orchestrates AWS-managed services to build and run your app. For a deeper technical overview, see AppPack under the hood.

How AppPack handles your data

• Your account, your data. AppPack facilitates the creation and management of AWS resources in your AWS account.
• Scoped orchestration access. Our AppPack orchestration service (running in our AWS account) uses limited, least-privilege API access into your AWS account to manage, update, and deploy services. This does not include direct access to sensitive data such as secrets, databases, or object storage contents.
• Direct-to-AWS interactions. The AppPack CLI and web UI communicate directly with AWS using temporary credentials, minimizing any data that transits AppPack’s services.
• Config & secrets. Application configuration and secrets live in AWS Systems Manager Parameter Store in your account; AppPack cannot decrypt your secret values.

Security

• Authentication & authorization. Sign-in is handled by a trusted identity provider (Auth0); access to AWS is enforced by IAM roles and policies with least-privilege.
• Encryption. Data is encrypted in transit (TLS). At rest, your data remains encrypted by services in your AWS account.
• Operational practices. Changes are reviewed, dependencies are monitored, and infrastructure is managed with infrastructure-as-code.

Privacy & subprocessors

• Privacy Policy
• Subprocessors

Compliance & assessments

We do not currently hold formal certifications or audit reports (e.g., SOC 2 or ISO 27001). However, we design our controls and processes to align with the principles and requirements outlined in SOC2, and we may pursue formal certification in the future. We’re happy to complete customer security questionnaires (including HECVAT) under NDA as needed.

Vulnerability disclosure

If you believe you’ve found a security issue, please contact security@lincolnloop.com. We’ll investigate and respond promptly.

Requests & questions

Email security@lincolnloop.com