Each app is deployed into it’s own container. All access to the apps is over SSL and you can configure your app to require authentication prior to anyone accessing it.
The storage for each container is not permanent, so if you need to store something our strong recommendation is for you to push that data into your own data store. That could be a database such as Amazon’s RDS, or it could be on a filesystem where you could push the data to it from within your application.
The design of the system is for every account to have their own sub-directory structure and to enforce the security at a filesystem and operating system level.