Amboras

Security

How we keep your store safe.

Your security is our top priority. We employ industry-leading practices to protect your data and ensure the integrity of our platform.

Contact security

Our commitment.

At Amboras, we employ industry-leading security practices to protect your data and ensure the integrity of our platform. We continuously monitor, test, and improve our security measures.

Security features.

Authentication and access control

  • httpOnly cookies for secure token storage
  • JWT-based authentication with refresh tokens
  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA) available
  • OAuth integration (Google, GitHub)

Data protection

  • End-to-end encryption for data in transit (TLS 1.3)
  • Encryption at rest for sensitive data
  • Regular automated backups
  • Data residency options
  • GDPR and SOC 2 compliance

Monitoring and detection

  • 24/7 security monitoring
  • Automated threat detection
  • Intrusion prevention systems
  • Real-time alerting
  • Comprehensive audit logs

Infrastructure security

  • DDoS protection
  • Web Application Firewall (WAF)
  • Network segmentation
  • Regular security patches
  • Infrastructure as Code (IaC) security scanning

Compliance and certifications.

SOC 2 Type II

Audited security controls

GDPR

EU data protection

ISO 27001

Information security management

CCPA

California privacy compliance

PCI DSS

Payment card security

HIPAA Ready

Healthcare data readiness

Security best practices.

We recommend following these practices to keep your store secure.

  • Use strong, unique passwords.
  • Enable multi-factor authentication.
  • Regularly review access logs.
  • Keep your dependencies up to date.
  • Use environment variables for secrets.
  • Implement least privilege access.
  • Regular security training for your team.

Incident response.

In the event of a security incident, here is what happens.

  1. 01We notify affected users within 72 hours.
  2. 02Our security team investigates and contains the incident.
  3. 03We provide regular updates throughout the resolution process.
  4. 04Post-incident analysis and preventive measures are implemented.

Responsible disclosure.

If you discover a security vulnerability, please report it responsibly. Include detailed steps to reproduce and any relevant information. We acknowledge reports within 24 hours.

We offer a bug bounty program for eligible discoveries. All reports are reviewed by our security team and we commit to keeping you informed throughout the resolution process.

Security contact

security@amboras.com

Third-party security.

We carefully vet all third-party services and conduct regular security reviews of our vendors.

  • SupabaseAuthentication and database
  • StripePayment processing, PCI DSS Level 1
  • Fly.ioInfrastructure hosting
  • AWSBackup and storage