security

Your security is our top priority. We employ industry-leading practices to protect your data and ensure the integrity of our platform.

our commitment

At Amboras, we employ industry-leading security practices to protect your data and ensure the integrity of our platform. We continuously monitor, test, and improve our security measures.

security features

Authentication & Access Control

  • httpOnly cookies for secure token storage
  • JWT-based authentication with refresh tokens
  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA) available
  • OAuth integration (Google, GitHub)

Data Protection

  • End-to-end encryption for data in transit (TLS 1.3)
  • Encryption at rest for sensitive data
  • Regular automated backups
  • Data residency options
  • GDPR and SOC 2 compliance

Monitoring & Detection

  • 24/7 security monitoring
  • Automated threat detection
  • Intrusion prevention systems
  • Real-time alerting
  • Comprehensive audit logs

Infrastructure Security

  • DDoS protection
  • Web Application Firewall (WAF)
  • Network segmentation
  • Regular security patches
  • Infrastructure as Code (IaC) security scanning

compliance & certifications

SOC 2 Type II

Audited security controls

GDPR

EU data protection

ISO 27001

Information security management

CCPA

California privacy compliance

PCI DSS

Payment card security

HIPAA Ready

Healthcare data readiness

security best practices

We recommend following these best practices:

  • Use strong, unique passwords
  • Enable multi-factor authentication
  • Regularly review access logs
  • Keep your dependencies up to date
  • Use environment variables for secrets
  • Implement least privilege access
  • Provide regular security training for your team

incident response

In the event of a security incident:

  1. We will notify affected users within 72 hours
  2. Our security team will investigate and contain the incident
  3. We will provide regular updates throughout the resolution process
  4. We will conduct a post-incident analysis and implement preventive measures

responsible disclosure

If you discover a security vulnerability, please report it responsibly:

security contact

security@amboras.com

Please include detailed steps to reproduce the issue and any relevant information. We will acknowledge your report within 24 hours.

We offer a bug bounty program for eligible security discoveries. All reports are reviewed by our security team and we commit to keeping you informed throughout the resolution process.

third-party security

We carefully vet all third-party services and conduct regular security reviews of our vendors:

  • Supabase (Authentication & Database)
  • Stripe (Payment Processing - PCI DSS Level 1)
  • Fly.io (Infrastructure Hosting)
  • AWS (Backup & Storage)