Enterprise Security

Security & Compliance

At Amolino, security is not an afterthought—it's the foundation of everything we build. We understand that you're trusting us with your most sensitive sales data, and we take that responsibility seriously.

Certifications & Compliance

Industry-recognized security standards

CASA Tier 2 Certified

Independently verified by Google to meet Cloud Application Security Assessment standards for enterprise applications. This certification demonstrates our commitment to maintaining the highest security standards.

SOC 2 Type II

We are working towards SOC 2 Type II compliance, demonstrating our commitment to maintaining strict information security policies and procedures. Contact us for more details on our certification timeline.

GDPR & CCPA Compliant

Built from the ground up to comply with global data privacy regulations including European GDPR and California CCPA. We provide comprehensive data processing agreements and support data subject requests.

Data Protection

Enterprise-grade encryption and security

Encryption

In Transit

All data transmitted between your systems and Amolino is encrypted using TLS 1.3, the latest and most secure version of Transport Layer Security. This ensures that your data cannot be intercepted or read by unauthorized parties during transmission.

At Rest

All data stored in our databases is encrypted using AES-256 encryption, the same standard used by governments and financial institutions worldwide. This includes all customer data, credentials, and system backups.

Data Residency & Sovereignty

Infrastructure Location

Our infrastructure is hosted on Microsoft Azure in secure, tier-4 data centers. We offer data residency options to ensure your data remains in your preferred geographic region, helping you meet local compliance requirements.

Data Isolation

Each customer's data is logically isolated using industry-standard multi-tenant architecture with strict access controls. Your data is never mixed with other customers' data, and complete data segregation is maintained at all times.

Access & Authentication

Granular control over your data

Role-Based Access Control (RBAC)

Define granular permissions for every team member. Control who can view, edit, or delete data at the user, team, and organization level. Our flexible permission system ensures that users only have access to the data they need to do their jobs.

Single Sign-On (SSO)

Integrate Amolino with your existing identity provider using SAML 2.0 or OAuth 2.0. Support for Okta, Azure AD, Google Workspace, and other major identity platforms ensures seamless and secure authentication for your team.

Multi-Factor Authentication (MFA)

Require additional verification beyond passwords. Support for authenticator apps, SMS, and hardware tokens provides an extra layer of security to protect against unauthorized access.

Session Management

Automatic session timeouts, secure session tokens, and the ability to revoke access instantly ensure that your data remains protected even if credentials are compromised.

Infrastructure Security

Built on trusted cloud infrastructure

Microsoft Azure

Microsoft Azure Partnership

Amolino is a verified Microsoft partner, and our infrastructure runs on Microsoft Azure's enterprise-grade cloud platform. This partnership ensures that we meet Microsoft's stringent security and compliance standards.

  • ISO 27001, ISO 27017, and ISO 27018 certified infrastructure
  • 99.99% uptime SLA with geographic redundancy
  • Physical security controls at Azure data centers
  • Automated backup and disaster recovery

Network Security

DDoS Protection

Advanced DDoS mitigation protects against distributed denial-of-service attacks, ensuring service availability.

Web Application Firewall

Protects against common web vulnerabilities including SQL injection, XSS, and CSRF attacks.

Network Segmentation

Isolated network zones with strict firewall rules limit the blast radius of potential security incidents.

Intrusion Detection

24/7 monitoring and automated alerting detect and respond to suspicious network activity in real time.

Security Practices

Continuous monitoring and improvement

Regular Security Audits

We conduct regular internal security audits and engage third-party security firms to perform penetration testing and vulnerability assessments. All findings are remediated according to industry best practices.

Vulnerability Management

Our security team continuously monitors for new vulnerabilities and applies security patches promptly. We maintain a vulnerability disclosure program and respond to security researchers' findings within 24 hours.

Employee Security Training

All Amolino employees undergo security awareness training and are required to follow our security policies. We conduct regular phishing simulations and security exercises to maintain high security awareness.

Incident Response

We maintain a comprehensive incident response plan with 24/7 on-call security personnel. In the unlikely event of a security incident, we will notify affected customers within 72 hours and work transparently to resolve the issue.

Secure Development Lifecycle

Security is integrated into every phase of our development process. We perform code reviews, static analysis, and security testing before deploying any code to production. All code changes require approval from senior engineers.

Questions about security?

Our security team is here to help. Whether you need a security questionnaire filled out, want to discuss our compliance certifications, or have specific security requirements, we're ready to answer your questions.

For security vulnerabilities, please email security@amolino.ai with details. We take all reports seriously and respond within 24 hours.