Security and Compliance
This FAQ answers common questions about data security, access controls, and compliance standards for App Marketplace apps.
Is app access secure? How is data handled?
Yes. All apps run securely, with the following controls:
- Scoped access controls, defined in the manifest and approved by the customer
- Per-customer, per-app runtime isolation
- No broad access: apps can only see what's explicitly granted
What security and compliance standards must apps meet?
All apps must comply with baseline security and compliance standards:
- No hardcoded secrets or credentials
- Proper handling of PII and sensitive metadata
- Use of declared scopes and approved APIs only
- Alignment with customer and regional compliance requirements (for example, SOC 2, GDPR)