
Security

Security is a core priority at ApexCharts. This page describes the technical and organizational security measures we implement across our software development lifecycle, infrastructure, and operations.


Secure Software Development Lifecycle (SSDLC)

ApexCharts is developed using industry-leading security practices integrated directly into our development workflow.

Source Code Management

All source code is maintained on GitHub Enterprise, which provides:

  • Private repositories with strict access controls.
  • Mandatory code reviews before any change is merged.
  • Audit logs of all repository access and actions.
  • Branch protection rules preventing direct pushes to production branches.
  • Single Sign-On (SSO) and two-factor authentication (2FA) enforcement for all team members.

GitHub Advanced Security

ApexCharts uses GitHub Advanced Security (GHAS) across all repositories, providing the following automated security controls:

Code Scanning (CodeQL)

  • Automated static analysis of all code changes using CodeQL, GitHub’s semantic code analysis engine.
  • Detects common vulnerability classes including injection flaws, cross-site scripting (XSS), path traversal, and insecure cryptography.
  • All findings are reviewed and remediated before code is released.

Secret Scanning

  • Automatically detects credentials, API keys, tokens, and private keys that have been committed, whether in a new change or anywhere in repository history.
  • Secrets in formats registered by GitHub's 100+ partner token providers are reported to the issuing provider so the exposed secret can be revoked promptly.
  • Push protection blocks a push that contains a recognised secret format before it reaches the repository, so the secret never enters history.
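To make the push-protection idea concrete, here is an added example of a local pre-push secret check, written for this page; it is not ApexCharts' code and not how GitHub implements secret scanning. It scans only the added lines of a unified diff, matches a few well-known token formats (the regexes and the Stripe/GitHub/AWS prefixes are assumptions about those formats), and falls back to a Shannon-entropy heuristic for opaque strings that no rule names. The diff it runs on is constructed for the demonstration.

```javascript
// Added illustration, not ApexCharts' or GitHub's code: a local pre-push
// secret check in the spirit of GitHub push protection. The patterns below
// cover a few well-known token formats; the sample diff is constructed.
const SECRET_PATTERNS = [
  { name: 'GitHub personal access token', re: /\bghp_[A-Za-z0-9]{36}\b/ },
  { name: 'AWS access key ID', re: /\bAKIA[0-9A-Z]{16}\b/ },
  { name: 'Stripe live secret key', re: /\bsk_live_[A-Za-z0-9]{24,}\b/ },
  { name: 'PEM private key', re: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/ },
];

// Shannon entropy in bits per character. Random API keys score high;
// identifiers and prose score low. Used to catch formats no rule names.
function shannonEntropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const c of counts.values()) {
    const p = c / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Scan only the added ('+') lines of a unified diff: removed and context
// lines cannot introduce a new secret. Returns one finding per rule hit.
// Simplification: the line counter follows the '+' side of each '@@' header.
function scanDiff(diffText, entropyThreshold = 4.0) {
  const findings = [];
  let file = null;
  let lineNo = 0;
  for (const raw of diffText.split('\n')) {
    if (raw.startsWith('+++ ')) {
      file = raw.slice(4).replace(/^b\//, '');
      continue;
    }
    const hunk = /^@@ -\d+(?:,\d+)? \+(\d+)/.exec(raw);
    if (hunk) {
      lineNo = Number(hunk[1]) - 1;
      continue;
    }
    if (raw.startsWith('-')) continue; // removed line or '--- a/file' header
    lineNo += 1;
    if (!raw.startsWith('+')) continue; // context line
    const line = raw.slice(1);
    for (const { name, re } of SECRET_PATTERNS) {
      if (re.test(line)) findings.push({ file, line: lineNo, rule: name });
    }
    // Generic detector: long token-like runs that look random and matched no rule.
    for (const tok of line.match(/[A-Za-z0-9+\/=_\-]{32,}/g) || []) {
      const named = SECRET_PATTERNS.some(({ re }) => re.test(tok));
      if (!named && shannonEntropy(tok) >= entropyThreshold) {
        findings.push({ file, line: lineNo, rule: 'high-entropy string' });
      }
    }
  }
  return findings;
}

// Constructed sample: a commit that hard-codes a token and an opaque key.
const SAMPLE_DIFF = [
  'diff --git a/config.js b/config.js',
  '--- a/config.js',
  '+++ b/config.js',
  '@@ -1,4 +1,6 @@',
  ' module.exports = {',
  '-  token: process.env.GITHUB_TOKEN,',
  "+  token: 'ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij',",
  '+  stripeKey: process.env.STRIPE_KEY,',
  "+  license: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ012345',",
  '   timeout: 3000,',
  ' };',
].join('\n');

// Pre-push gate: a hook would exit non-zero here to block the push,
// which is the behaviour push protection gives server-side.
function pushAllowed(diffText) {
  return scanDiff(diffText).length === 0;
}

for (const f of scanDiff(SAMPLE_DIFF)) {
  console.log(`${f.file}:${f.line}: ${f.rule}`);
}
console.log(pushAllowed(SAMPLE_DIFF) ? 'push allowed' : 'push blocked');
```

Wired into a `pre-push` hook with the output of `git diff` for the commits being pushed, this blocks the commit locally before the secret ever reaches the remote; the server-side push protection described above is the authoritative control, and a local check like this only shortens the feedback loop. The entropy threshold is a trade-off: 40-character hexadecimal commit hashes sit near 4 bits per character and will be flagged by a naive heuristic, so a real hook would add an allow-list.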

Dependency Review and Dependabot

  • Automated scanning of all third-party dependencies for known vulnerabilities (CVEs) using the GitHub Advisory Database.
  • Dependabot automatically opens pull requests to update vulnerable dependencies, which are reviewed and merged by our engineering team.
  • Dependency licensing is also reviewed to ensure compliance with our open-source obligations.

Security Advisories

  • ApexCharts maintains a private security advisory process for responsible disclosure and coordinated patching of vulnerabilities in our software.

Data Architecture and Data Minimization

ApexCharts is a client-side JavaScript library. This architecture has significant security and privacy implications:

  • ApexCharts runs entirely within the end user’s browser.
  • No chart data, labels, or configurations are transmitted to ApexCharts servers — all data remains within the application that integrates the library.
  • ApexCharts has no ability to access, read, or process data displayed in charts built by our customers.

This architecture means that ApexCharts inherently applies the principle of data minimization: we do not collect or process end-user data as part of normal product operation.


ApexCharts.com Website and Licensing Platform

The ApexCharts website, documentation portal, and licensing/billing platform apply the following security measures:

Encryption in Transit

  • All web traffic is encrypted using TLS 1.2 or higher.
  • HTTPS is enforced across all subdomains.

Access Controls

  • Customer account access is protected by password, domain-based, or SSO authentication.
  • Internal administrative access requires MFA and VPN.

Payment Security

  • Payment processing is handled by Stripe, a PCI DSS-compliant payment processor.
  • ApexCharts does not store full credit card numbers on its systems.

Infrastructure

  • Our website and licensing platform hosting details will be published here.
  • DDoS protection, WAF, and CDN details will be published here.

Vulnerability Disclosure

ApexCharts supports responsible disclosure of security vulnerabilities.

If you believe you have found a security vulnerability in ApexCharts, please report it via our GitHub issue tracker: github.com/apexcharts/apexcharts.js/issues

We commit to:

  • Providing a status update within 4 business days.
  • Working with you to understand, validate, and remediate the issue.

Certifications and Audits

Infragistics has completed a SOC 2 Type II audit. The resulting attestation report is available upon request under a signed mutual non-disclosure agreement.


Incident Response

ApexCharts maintains an incident response process to identify, contain, and remediate security incidents affecting our systems.

  • In the event of a confirmed security incident affecting customer data, we will notify affected customers within 72 hours of confirmation, in accordance with applicable legal requirements.
  • Notifications will be sent to the email address associated with the customer account.

Security Contact

For security-related inquiries, please contact: sales@apexcharts.com
