Skip to main content
[ Security ]

How we keep your account safe.

Last updated: June 1, 2026

Draft This page is a placeholder. We'll replace it with a formal whitepaper, SOC 2 status, and a vendor-security questionnaire before launch.

Account credentials

Your LinkedIn session is stored encrypted at rest (AES-256-GCM with per-tenant keys) and never logged in plaintext. We never see your LinkedIn password — we operate via a session cookie you authorize through our extension.

Transport

TLS 1.3 everywhere. HSTS with preload. The marketing site and the product API enforce HTTPS at the edge and reject plaintext connections.

Data isolation

One Postgres schema per tenant. Background workers carry the tenant identity through every job. No cross-tenant queries run against the production database.

Backups

Point-in-time recovery with 30-day retention. Daily full backups encrypted at rest in a separate region.

Incident response

Any production incident triggers a status update on status.ampliflow.io within 15 minutes. We publish a public postmortem within 7 days for anything that affected paying customers.

Responsible disclosure

If you've found something, email security@ampliflow.io. We respond within one business day. We don't have a paid bounty program yet, but we credit reporters on this page once we ship one.

Compliance

SOC 2 Type II in progress; ETA Q1 2027. GDPR-compliant data processing addendum available on request to any EU customer.

© 2026 Ampliflow. All rights reserved. Built for founders who actually run outbound