Security is not a feature. It is the foundation.
This page describes how AmpliFlow protects your data - in plain language. Encryption, hosting, access control and incident response. No buzzwords, just documented commitments. For binding terms, see our privacy policy and terms of service.
Last updated: 2026-03-27
How we protect your data
Security is not a promise we make in a sales meeting. It is documented, auditable, testable commitments.
EU hosting by default. Encryption at rest and in transit. Role-based access control. Incident response with clear timelines. And consultants working on ISO certification or management systems sign NDAs as part of the standard process - because your information deserves the same protection as ours.
Security at every layer
Six areas that protect your data - from infrastructure to process.
EU Hosting
Azure Sweden Central and West Europe for customer data. Hetzner Finland for website and logs. No customer data leaves the EU/EEA.
Encryption
AES-256 at rest, TLS 1.2+ in transit. Every connection to AmpliFlow is encrypted.
Access Control
Role-based access control, multi-tenant isolation and least-privilege by default.
Business Continuity
RPO under 1 hour, RTO under 4 hours. Automated backups with documented recovery targets.
Incident Response
Notification within 24 hours. Documented workflow from detection through resolution and review.
Infrastructure Certifications
Azure ISO 27001, SOC 1/2/3. See the full list at Microsoft.
Technical details
Every connection to AmpliFlow is protected with TLS 1.2+ The padlock in your browser - an encrypted tunnel between you and us. . Data at rest is encrypted with AES-256 Same encryption standard used by banks and governments. Practically impossible to crack. - the same standard used by banks and governments.
Access control is based on role-based access control (RBAC) You decide who sees what based on their role in the organization. . Our multi-tenant Your data is walled off from every other customer. Nobody can see your content. architecture ensures each customer's data is logically separated - nobody can see anyone else's content.
Automated backups run continuously with RPO under 1 hour At most 1 hour of data could be lost in a serious outage. In practice, much less. and RTO under 4 hours The system is restored within 4 hours after a serious outage. . Backups are stored encrypted within the EU.
Our infrastructure on Azure is certified under ISO 27001 International standard for information security management. Azure's infrastructure is certified. and undergoes independent SOC 2 Independent audit proving security controls actually work - not just exist on paper. audits. See Azure's full certification list.
Test us
We welcome responsible security testing. Want to run penetration tests Authorized simulated attack to find vulnerabilities before real attackers do. against AmpliFlow? Give us a heads-up so we can coordinate.
Since AmpliFlow runs on Azure, Microsoft's penetration testing rules apply. In practice, you can test freely without special approval - but a heads-up helps us distinguish your tests from actual attacks.
NDA and confidentiality
Consultants working on ISO certification or management systems sign non-disclosure agreements (NDA) as part of the standard process. This is not something you need to ask for - it is included.
Need a separate NDA with AmpliFlow as a company? We arrange that. SLA is available on request. A Data Processing Agreement (DPA) is included with every subscription.
Frequently asked questions about security
Do you use Intercom or similar chat tools?
Can we get an SLA?
How do you handle security incidents?
Can we perform penetration tests against AmpliFlow?
Where are backups stored?
Can individual consultants sign NDAs?
Questions about security?
Have questions about how AmpliFlow protects your data, want to coordinate penetration tests, or need an NDA - we are happy to help.
Questions about GDPR, data processing agreements, or data transfers? See our GDPR page.
Email: info@ampliflow.com