Super Amplify®

Security & Compliance Measures

Compliance


We are pleased to announce that Super Amplify has successfully completed the SOC 2 Type 1 audit, demonstrating our commitment to maintaining high standards of security and data protection. This achievement reflects our ongoing dedication to safeguarding client data and ensuring operational excellence. We are proud to be SOC 2 Type 1 compliant, underscoring our promise to meet the highest industry standards for security and compliance.


First of all, we do not store your data. We use cloud service providers to store your data. Super Amplify uses the following cloud service providers:


Digital Ocean: SOC 3 Type II certifications - more information about Digital Ocean Trust available here: https://www.digitalocean.com/trust


Google: SOC 3 Type II certification - more information about Google Cloud Trust available here: https://cloud.google.com/security/infrastructure


AWS: SOC 3 Type II certification - more information about AWS Cloud Trust available here: https://aws.amazon.com/products/security/

2. ISO 27001:

ISO 27001 is a globally recognized standard for information security management systems. Super Amplify cloud providers are ISO 27001 compliant.

3. GDPR:

The General Data Protection Regulation (GDPR) is a comprehensive EU-wide data protection law that governs the use, sharing, transfer, and processing of EU resident personal data. Super Amplify follows the processes required by GDPR.

4. PCI:

Payment Card Industry Data Security Standard (PCI) is a standard that defines the security and privacy requirements for payment card processing. Super Amplify does not store personal credit card information for any of our customers. We use Stripe to securely process transactions and trust their commitment to best-in-class security. Stripe is a certified PCI Service Provider Level 1, which is the highest level of certification in the payments industry.

Infrastructure


The Super Amplify infrastructure is hosted on Digital Ocean, Google, and AWS. We encrypt all passwords and API keys using AES-256 encryption. Super Amplify uses HTTPS/TLS 1.3 for all data in transit.

Where does my data live?

The data lives on Digital Ocean, Google, and AWS. We use each service for different purposes to maximize protection of your data.

Failover strategy

Super Amplify uses Digital Ocean to automatically reroute traffic to another region in case of regional failure, using its automatic failover feature. Our core database and data plane is a globally replicated database with rapid manual failover, using multiple availability zones.

Data encryption

Super Amplify encrypts data with 256-bit Advanced Encryption Standard (AES-256). While data is in transit (en route between source and destination), Super Amplify uses HTTPS/TLS 1.3.

Data backup

Super Amplify backs up customer data every hour. Each backup is persisted for 30 days and is globally replicated for resiliency against regional disasters. Automatic backups are taken without affecting the performance or availability of the database operations.

Do Enterprise accounts run on a different infrastructure?

Enterprise Teams on Super Amplify may have their own build infrastructure ensuring isolation from free accounts.

Penetration testing and Audit scans

Super Amplify conducts regular penetration testing through third-party penetration testers, and has daily code reviews and static analysis checks.

Data Protection Officer (DPO)

We have designated a specialized Data Protection Officer who actively supervises all data protection activities.

Data Auditing

We conduct thorough audits to identify the nature of personal data we hold, its origins, how we process it, and who has access to it. This helps us maintain a comprehensive data inventory.

Lawful Data Processing

We have established clear legal grounds for all our data processing activities, whether that is through explicit consent, contractual obligations, or other legally permissible reasons.

Transparent Privacy Policy

Our privacy policy is continually updated to transparently outline our data processing activities, retention periods, and your rights as a data subject.

Consent Management

Where consent is our lawful basis for data processing, we implement stringent consent mechanisms that are clear, specific, and user-friendly.

Risk Assessments

Before launching any new project that involves personal data, we conduct a Data Protection Impact Assessment (DPIA) to evaluate risks and implement necessary mitigations.

Data Security

We have deployed industry-standard security measures to safeguard your data against unauthorized access and other risks. Our security protocols are regularly reviewed and updated.

Data Breach Protocols

We maintain a robust data breach response plan to effectively manage any security incidents, thereby minimizing potential harm.

Facilitating Data Subject Rights

We have processes in place that allow data subjects to easily exercise their rights, such as accessing, correcting, or deleting their personal data.

Employee Training

All Super Amplify staff receive ongoing training on GDPR requirements and best practices for data protection.

Vendor Compliance

We carefully vet all third-party vendors who process data on our behalf, ensuring they comply with GDPR. This includes updating contracts and Data Processing Agreements (DPAs).

Record-Keeping

We meticulously keep records of all our data processing activities, consent documentation, and any procedures enabling data subjects to exercise their rights.

Internal Audits

Even though GDPR doesn’t formally require audits, we periodically review our compliance through internal audits to ensure we are always up to date.

Compliance Documentation

We maintain comprehensive documentation of all our compliance activities. This is particularly crucial should we ever need to prove our compliance to regulatory bodies.