Layered protection for every workspace

Infrastructure security

• Ampairs runs on hardened cloud infrastructure with network segmentation between application, database, and messaging layers.
• Data at rest is encrypted with AES-256, while all data in transit uses TLS 1.3. Keys are rotated via managed KMS.
• Continuous monitoring with alerting on anomalous behaviour and infrastructure drift.

Application security

• Multi-factor authentication and device pinning managed by the Auth service.
• Tenant context enforcement executed in the Core and Workspace modules to prevent cross-tenant data access.
• Secure defaults in Angular and Kotlin multiplatform clients including certificate pinning and secure storage.
• Static code analysis, dependency scanning, and peer reviews integrated into `./gradlew ciBuild`.

Data protection & privacy

We minimise data collection and apply retention controls aligned with workspace policies. For more detail, see the Privacy Policy.

• Granular role-based access controls per workspace and module.
• Encrypted backups with 35-day retention and disaster recovery testing.
• Data residency options within India with regional deployment roadmap.

Compliance roadmap

Ampairs follows industry frameworks while formal certifications are under way. Our roadmap includes SOC 2 Type I (target Q4 2025) and ISO 27001. Data processing agreements and GST compliance artefacts are available on request.

Incident response

• 24×7 on-call rotation across infrastructure and application teams.
• Documented playbooks covering containment, eradication, and customer communication.
• Post-incident reviews shared with impacted customers within five business days.

Responsible disclosure

We welcome reports from the security community. If you discover a vulnerability, email security@ampairs.in with steps to reproduce. We commit to acknowledging submissions within two business days.