Security

Your security is our top priority

Our Commitment

At Amboras, we employ industry-leading security practices to protect your data and ensure the integrity of our platform. We continuously monitor, test, and improve our security measures.

Security Features

🔐 Authentication & Access Control

  • httpOnly cookies for secure token storage
  • JWT-based authentication with refresh tokens
  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA) available
  • OAuth integration (Google, GitHub)

🛡️ Data Protection

  • End-to-end encryption for data in transit (TLS 1.3)
  • Encryption at rest for sensitive data
  • Regular automated backups
  • Data residency options
  • GDPR and SOC 2 compliance

🔍 Monitoring & Detection

  • 24/7 security monitoring
  • Automated threat detection
  • Intrusion prevention systems
  • Real-time alerting
  • Comprehensive audit logs

Infrastructure Security

  • DDoS protection
  • Web Application Firewall (WAF)
  • Network segmentation
  • Regular security patches
  • Infrastructure as Code (IaC) security scanning

Compliance & Certifications

SOC 2 Type II

GDPR

ISO 27001

CCPA

PCI DSS

HIPAA Ready

Security Best Practices

We recommend following these best practices:

  • Use strong, unique passwords
  • Enable multi-factor authentication
  • Regularly review access logs
  • Keep your dependencies up to date
  • Use environment variables for secrets
  • Implement least privilege access
  • Provide regular security training for your team

Incident Response

In the event of a security incident:

  1. We will notify affected users within 72 hours
  2. Our security team will investigate and contain the incident
  3. We will provide regular updates throughout the resolution process
  4. We will conduct a post-incident analysis and implement preventive measures

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly:

Security Contact

security@amboras.com

Please include detailed steps to reproduce the issue and any relevant information. We will acknowledge your report within 24 hours.

We offer a bug bounty program for eligible security discoveries. All reports are reviewed by our security team and we commit to keeping you informed throughout the resolution process.

Third-Party Security

We carefully vet all third-party services and conduct regular security reviews of our vendors:

  • Supabase (Authentication & Database)
  • Stripe (Payment Processing - PCI DSS Level 1)
  • Fly.io (Infrastructure Hosting)
  • AWS (Backup & Storage)