Security is not a feature. It is the foundation.
This page describes how AmpliFlow protects your data β in plain language. Encryption, hosting, access control and incident response. No buzzwords, just documented commitments. For binding terms, see our privacy policy.
Last updated: 2026-02-09
We take security seriously β and we can prove it
Security is not a promise we make in a sales meeting. It is documented, auditable, testable commitments.
EU hosting by default. Encryption at rest and in transit. Role-based access control. Incident response with clear timelines. And consultants working on ISO certification or management systems sign NDAs as part of the standard process β because your information deserves the same protection as ours.
Security at every layer
Six areas that protect your data β from infrastructure to process.
EU Hosting
Azure Sweden Central and West Europe for customer data. Hetzner Finland for website and logs. No customer data leaves the EU/EEA.
Encryption
AES-256 at rest, TLS 1.2+ in transit. Every connection to AmpliFlow is encrypted.
Access Control
Role-based access control, multi-tenant isolation and least-privilege by default.
Business Continuity
RPO under 1 hour, RTO under 4 hours. Automated backups with documented recovery targets.
Incident Response
Notification within 24 hours. Documented workflow from detection through resolution and review.
Infrastructure Certifications
Azure ISO 27001, SOC 1/2/3. See the full list at Microsoft.
Technical details
Every connection to AmpliFlow is protected with
Access control is based on
Automated backups run continuously with
Our infrastructure on Azure is certified under
Follow your data's journey
See exactly how your data is protected at every step β from your browser to secure storage within the EU.
Your Data Stays in the EU
Click a location to see details
Map data Β© SimpleMaps.com
Test us
We welcome responsible security testing. Want to run
Since AmpliFlow runs on Azure, Microsoft's penetration testing rules apply. In practice, you can test freely without special approval β but a heads-up helps us distinguish your tests from actual attacks.
NDA and confidentiality
Consultants working on ISO certification or management systems sign non-disclosure agreements (NDA) as part of the standard process. This is not something you need to ask for β it is included.
Need a separate NDA with AmpliFlow as a company? We arrange that. SLA is available on request. A Data Processing Agreement (DPA) is included with every subscription.
No third-country transfers
All processing of customer data takes place within the EU/EEA.
Microsoft Azure β our infrastructure provider β is certified under the EU-U.S. Data Privacy Framework (DPF). All data centres we use are located in Sweden, the Netherlands and Finland.
Exception: If you explicitly choose to enable AI features, those providers
may process data outside the EU. In such cases,
Your data belongs to you
At the end of your subscription, we export all your data in JSON format (structured data) plus original files (attachments you uploaded). After confirmed receipt, your data is deleted from our systems and you receive a deletion certificate.
We charge a fee for the export as the process still requires some manual handling. We are actively working on automating this to continuously reduce the cost.
Your data belongs to you β before, during and after your subscription.
Frequently asked questions about security
What sub-processors does AmpliFlow use?
Microsoft Azure (hosting and database), Pendo (product analytics), Sendgrid (transactional email) and optional AI providers that you explicitly enable. We keep the list short on purpose. The full list is included in our Data Processing Agreement.
Do you use Intercom or similar chat tools?
No. All support is handled via email at support@ampliflow.se. We have deliberately chosen not to use chat tools that require third-party scripts on your pages.
Can we get an SLA?
Yes, an SLA is available on request. Contact us and we will prepare an agreement that matches your requirements.
How do you handle security incidents?
We have a documented workflow: detection, classification, remediation, notification within 24 hours and follow-up with an incident report. Every incident results in a review to prevent recurrence.
Can we perform penetration tests against AmpliFlow?
Yes. Give us a heads-up so we can coordinate. Since AmpliFlow runs on Azure, Microsoft's penetration testing rules apply β in practice, you can test freely without special approval, but a heads-up helps us distinguish your tests from actual attacks.
Where are backups stored?
Backups are stored on Azure within the EU/EEA, in the same regions as primary data (Sweden and Western Europe). Backups are encrypted with AES-256.
Can individual consultants sign NDAs?
Yes. Consultants working on ISO certification or management systems sign NDAs as part of the standard process. If you need a separate NDA with AmpliFlow as a company, we arrange that as well.
How do you handle GDPR?
We have a dedicated GDPR page covering data handling, sub-processors, data subject rights and our Data Processing Agreement. A DPA is included with every subscription.
Questions about security?
Have questions about how AmpliFlow protects your data, need an NDA, SLA or want to coordinate penetration tests β we are happy to help.
Email: info@ampliflow.com