Our founder-led engineering team has over a decade of prior experience securely and durably managing petabytes of highly confidential data for some of the world's biggest companies. Here are some ways we keep your data secure at Ampll.

Financial Security

At this point in time, Ampll does not charge for use of our services.  When we do, your credit card and billing information will only be stored securely via PCI-compliant industry-leading payment services.

Password Security

Ampll's preference is to establish account authorization using OAuth. OAuth is an industry standard for authorizing secure delegated access to external apps and service providers. When connecting Ampll via OAuth, we never receive or store your password and you can revoke our access at any time.

For instances where OAuth authorization is not used, Ampll allows you to connect using a traditional username and password system. In these cases, Ampll uses encryption to securely store a representation of your password.

You are responsible to choose secure passwords and to keep them safe. Ampll cannot be responsible for data that is compromised due to an insecure or stolen user password. If using OAuth to authenticate, those underlying passwords must also be kept secure by you.

System and Network Security

We take the following steps to keep your data secure at rest and as it transits networks:

• Partnered with one of the industry's most trusted infrastructure providers, Google Cloud, to secure and store your data.
• Principle of Least Privilege: Systems and Employees are only granted enough access to perform the required tasks.
• Modern Linux operating systems, conservative firewall rules and security configuration.
  Encryption of data at rest.
• Promptly patch critical issues by following industry security lists,

Uptime and Durability

In addition to security, it's critical to be able to access your data and services you rely on at all times. We do the following to keep Ampll accessible to you at all times:

• Cloud service platforms operating on diverse networks.
• Third-party monitoring services track Ampll availability across the planet.
• On-call engineers are automatically paged for any customer-facing outage.
• Coming Soon. Stored data is replicated to multiple servers for service performance and availability.
• Data backups are performed daily and retained for a period of 30 days for disaster recovery.

Operational Security

Our technical team is governed by a comprehensive Security Trust Policy based on industry best practices.

• We will only access your account with your permission to troubleshoot technical or support issues.
• Ampll staff will never ask you for a password.
• All Ampll team members sign on to adhere to our Security Trust Policy with our Users
• All staff computers run with full-disk encryption and strong passwords.
• Every Ampll employee is provided with a copy of 1Password for secure password creation and storage.

Responsible Vulnerability Disclosure

If you are a security researcher or you believe you have encountered a problem in Ampll's security, please review the following.
‍
Please report any security concerns to security@ampll.com. If you want to send an encrypted message, please request our public key.
‍
We ask you provide us with a reasonable amount of time to address reports before publishing security-related information.
‍
You are legally restricted from conducting any security research that could result in the destruction of data, interruption or degradation of service. This includes the use of automated tools or scanners: they are likely to cause your IP address to be banned from our network.