Amplitude implements strong security and privacy throughout the organization and platform. The security and privacy of your data are paramount, and we take the protection of our customer’s data extremely seriously. Our application and platform are designed to be secure and reliable so you can focus on growing your application and engaging your users.
Our platform is implemented within Amazon Web Services (AWS), a secure, fault-tolerant cloud that incorporates strong security controls. AWS further provides compliance with a large and varied set of security standards. Rather than relying solely on Amazon for the security and compliance of our platform, Amplitude has implemented its own security program that ensures that we follow industry best practices and improves overall security.
Our application is built with security embedded throughout the Software Development Life Cycle (SDLC), with the necessary checks and balances to ensure that only code that has been properly reviewed, tested, and accepted is deployed into production. We regularly engage with trusted external parties to conduct testing of our platform and application via means such as scans and penetration tests.
We also adhere to the principle that your data is yours, which means that we will never share it with any third parties.
We also acknowledge that no environment can guarantee absolute security. Therefore, we strongly recommend that our customers avoid sending us sensitive data whenever possible, such as ePHI, PCI, or PII. Our platform does not need those kinds of data for you to leverage all of its powerful features. If we do not have it, then we can never lose it. In cloud environment security, this is called the shared-responsibility model: our responsibility is to provide you with a secure platform; yours is to use it properly, for its intended purpose, and only send us the data necessary to meet your goals.
For more questions around security, compliance, and privacy, or to report a problem, please contact us.