Introduction

Amity Security Overview

Amity’s mission is to empower people and companies with the tools they need to do their best work. As an enterprise product, security is a high priority at amity, and we have ensured that it was built into our company’s DNA from day 1. We believe in a holistic view of security, such that effective security is centered around the effective integration of people, process, and technology. This page describes our efforts in securing each of these pillars.

GDPR Compliant and ISO 27001 Certified

Organizational security

Our security program is aligned to the ISO/IEC 27000 standards and is regularly assessed by third party auditors and customers. Amity is ISO27001 ISO/IEC 27001:2013 certified and compliant with the requirements as stated in the standard: ISO/IEC 27001. Certificate can be shared upon request.

Security and privacy training

All amity employees are required to understand and follow amity’s internal IT Security Policy and Data Protection Policy.

All engineers and support personnel who have been granted access to systems and/or data receive additional job-specific training on privacy and security. Employees are required to report any security and privacy issues to appropriate internal teams.

Policies and standards

‍Amity’s internal IT Security Policy and Data Protection Policy provide all employees with clear guidelines and boundaries for operation within amity. These policies are designed to ensure that all amity customers have confidence in our custodianship and management of their data. These policies include, but are not limited to:

  • Security and privacy training
  • Data classification & handling processes
  • Secure development lifecycle & change management
  • Use of encryption
  • 24/7 monitoring
  • Disaster recovery & business continuity processes
  • Employee onboarding and offboarding

Data security

All amity systems are designed with a focus on preventing unauthorized access to customer data, using the latest security best practices and technologies. Additionally, we continuously test and re-evaluate our systems on a regular basis, in order to proactively identify and mitigate potential risks.

Encryption

All data going through amity is encrypted in-transit. Data in-transit is always encrypted with the latest TLS 1.2 protocol, a security protocol widely known and used for encryption of personal information in the e-commerce and banking industries. All data stored in Amity is encrypted with AES-256 encryption.

Privacy Controls

Amity proactively provides additional controls to make sure sensitive company data is not leaked. As one example, amity will let employees know if they start a conversation with someone outside the official company network. When working with very sensitive data, you can also use our message editing and deletion features to easily ensure that any message is permanently deleted from everyone’s devices.

Audit Controls

Amity provides mechanisms that record and examine all activities on any part of the system which contains customer data. Our cloud servers have account monitoring in place that logs any user activity. Additionally, every message or piece of data sent over amity will also contain traceable, detailed delivery and receipt information that can be easily accessed on the client side; every action performed within amity by users is also securely logged, and can be requested by the company at any time.

Application Security

Amity was developed, and is continuously updated, according to OWASP’s best practices, with regular security audits conducted by an outside party. We utilize world-class CDN providers on all our endpoints for our DDoS protection and firewall protection. We also use IP reputation filtering, intrusion detection and prevention systems at all our underlying infrastructure.

Secure Data Center

Amity’s servers are hosted with Amazon Web Services (AWS) in their Frankfurt, Singapore, and North Virginia regions. AWS is a global data center & cloud computing provider with secure locations all over the world. Amity’s data centers are SSAE16 SOC1 / SOC2 / SOC3 and ISO 27001 compliant. This means our physical servers all have 24/7 video surveillance, biometric locks, and strict personnel access controls.

ISO 27001 Security Certificate
More information about our infrastructure provider.

Reliability & Availability

Amity’s application and databases are designed with scalability and high reliability – all components are deployed with no single point of failure. Amity’s data centers include an on-premise backup power supply. Additionally, your data is backed up nightly.

GDPR

At Amity we are fully committed to being compliant, where applicable, with the provisions of GDPR and to help our customers and users to understand this regulation. Hence, the goal of this GDPR Commitment is to explain what steps we took - and what we will take in the future - to ensure and maintain a secure and compliant environment for our customers and users under GDPR. For more information please refer to amity.co/legal/.

GDPR Compliant and ISO 27001 Certified

Amity takes security very seriously

We work hard to ensure that all of our customer’s data is handled responsibly and ethically. All staff at amity sees this as a critical responsibility for us, and we are committed to maintaining this trust with all of our customers.

Amity Headquarters

About Amity

Supercharging apps, everywhere

  • Founded in 2012
  • 200+ Full Time Employees
  • 30+ Nationalities
  • Serving 120+ large enterprises worldwide
Learn more about Amity