Security is not a feature. It is the foundation.
This page describes how AmpliFlow protects your data - in plain language. Encryption, hosting, access control and incident response. No buzzwords, just documented commitments. For binding terms, see our privacy policy and terms of service.
Last updated: 2026-03-27
How we protect your data
Security is not a promise we make in a sales meeting. It is documented, auditable, testable commitments.
EU hosting by default. Encryption at rest and in transit. Role-based access control. Incident response with clear timelines. And consultants working on ISO certification or management systems sign NDAs as part of the standard process - because your information deserves the same protection as ours.
Security at every layer
Six areas that protect your data - from infrastructure to process.
EU Hosting
Azure Sweden Central and West Europe for customer data. Hetzner Finland for website and logs. No customer data leaves the EU/EEA.
Encryption
AES-256 at rest, TLS 1.2+ in transit. Every connection to AmpliFlow is encrypted.
Access Control
Role-based access control, multi-tenant isolation and least-privilege by default.
Business Continuity
RPO under 1 hour, RTO under 4 hours. Automated backups with documented recovery targets.
Incident Response
Notification within 24 hours. Documented workflow from detection through resolution and review.
Infrastructure Certifications
Azure ISO 27001, SOC 1/2/3. See the full list at Microsoft.
Technical details
Every connection to AmpliFlow is protected with
Access control is based on
Automated backups run continuously with
Our infrastructure on Azure is certified under
Test us
We welcome responsible security testing. Want to run
Since AmpliFlow runs on Azure, Microsoft's penetration testing rules apply. In practice, you can test freely without special approval - but a heads-up helps us distinguish your tests from actual attacks.
NDA and confidentiality
Consultants working on ISO certification or management systems sign non-disclosure agreements (NDA) as part of the standard process. This is not something you need to ask for - it is included.
Need a separate NDA with AmpliFlow as a company? We arrange that. SLA is available on request. A Data Processing Agreement (DPA) is included with every subscription.
Frequently asked questions about security
Do you use Intercom or similar chat tools?
No. All support is handled via email at support@ampliflow.com. We have deliberately chosen not to use chat tools that require third-party scripts on your pages.
Can we get an SLA?
Yes, an SLA is available on request. Contact us and we will prepare an agreement that matches your requirements.
How do you handle security incidents?
We have a documented workflow: detection, classification, remediation, notification within 24 hours and follow-up with an incident report. Every incident results in a review to prevent recurrence.
Can we perform penetration tests against AmpliFlow?
Yes. Give us a heads-up so we can coordinate. Since AmpliFlow runs on Azure, Microsoft's penetration testing rules apply - in practice, you can test freely without special approval, but a heads-up helps us distinguish your tests from actual attacks.
Where are backups stored?
Backups are stored on Azure within the EU/EEA, in the same regions as primary data (Sweden and Western Europe). Backups are encrypted with AES-256.
Can individual consultants sign NDAs?
Yes. Consultants working on ISO certification or management systems sign NDAs as part of the standard process. If you need a separate NDA with AmpliFlow as a company, we arrange that as well.
Questions about security?
Have questions about how AmpliFlow protects your data, want to coordinate penetration tests, or need an NDA - we are happy to help.
Questions about GDPR, data processing agreements, or data transfers? See our GDPR page.
Email: info@ampliflow.com