Legal and trust
Security posture for Apollo Advisors°.
This page explains the current security posture, operational boundaries, and trust-oriented handling expectations across the platform.
Security posture
Apollo treats security as an operational discipline across public routes, account boundaries, integrations, and data handling. Security measures should reduce risk without obscuring responsibility or ownership.
Account and access boundaries
Authentication, authorization, and privileged actions should remain clearly separated across public pages, account routes, and future workspace surfaces.
- Authenticated routes should remain behind explicit session boundaries.
- Privileged actions should not be exposed through public marketing routes.
- Future workspaces should enforce their own authorization rules rather than inheriting public assumptions.
Operational controls
Apollo favors explicit environment boundaries, webhook verification, typed runtime configuration, and least-privilege integration patterns.
- Sensitive keys and secrets remain server-side only.
- Webhook inputs should be verified before processing.
- Production and preview environments should stay operationally distinct.
Incident and support handling
Security concerns, suspected vulnerabilities, or trust-related questions should be routed through the operator support channel so ownership and follow-up remain clear.
Use usage@apolloadvisor.com for security-related communication that requires operator attention.