Introduction: How Amitree Keeps Your Data Secure
As our products work in the critical environment of an agent’s Gmail account, we take security very seriously at Amitree. Our founding team is composed of former Yahoo! engineers and executives who have extensive experience, since 1994, in building products deeply grounded in security best practices at tremendous scale. We have built our products on top of best-in-class secure platforms such as Amazon S3, the leading cloud storage solution used by thousands of companies worldwide, and Heroku, a cloud infrastructure platform owned and operated by Salesforce.com.
In the paragraphs that follow, we’ll describe the specifics of how we take advantage of the massive investments Amazon and Heroku have made in security infrastructure to best keep your data secure.
Compliance With Industry Standards of Security
Independent industry standards are a good measure of whether a company’s technology infrastructure adheres to the most stringent and up-to-date security practices to keep your data safe and secure. Amitree builds on Amazon’s compliance with the following leading standards of privacy and information security:
- SOC 1 / SSAE 16 / ISAE 3402 (formerly SAS 70)
- DoD SRG Levels 2 and 4
- PCI DSS Level 1
- EU Model Clauses
- ISO 9001 / ISO 27001 / ISO 27017 / ISO 27018
- FIPS 140-2
- MLPS Level 3
Physical Security of Data Centers
We utilize Amazon’s distributed worldwide data centers to deliver our products to you, affording our products a high level of protection from physical security threats.
- Amazon data centers are housed in nondescript facilities.
- Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means.
- Authorized staff must pass two-factor authentication a minimum of two times to access data center floors.
- All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
- Amazon only provides data center access and information to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services.
- All physical access to data centers by Amazon employees is logged and audited routinely.
Use of HTTPS / SSL Encryption for Secure Data Transmission
Wherever possible, Amitree utilizes HTTPS / SSL encryption when sending or receiving data from the browser. The HTTPS / SSL protocol uses public-key cryptography to prevent eavesdropping, tampering, and forgery. Our SSL certificates are 2048-bit RSA, signed with SHA-256.
Employees with administrative access are required to maintain the highest level of security and privacy when accessing any user data to diagnose user experience issues and bugs. We require employees with administrative access to sign in using two-factor authentication, providing an exponential increase in account security beyond that of a password alone. (As an aside, we also recommend that our users enable two-factor authentication on their Google accounts to give themselves the highest level of protection, regardless of their use of Amitree’s products.)
Amitree adheres to best practices of continuous deployment, the method of reviewing and deploying code on an ongoing basis as we make daily improvements to our products. All of Amitree’s source code changes undergo peer review to evaluate their impact on user experience and security. In addition, all new code is passed through an extensive set of automated tests that can identify potential security regressions. Only when code has passed these tests in its ‘staging’ environment can it be deployed to the live product in ‘production.’
Service Levels & Scaling
Amitree maintains reliable uptime of its products by automatically scaling in response to increased user traffic and use. We utilize Heroku’s solution for autoscaling, load balancing, task queues and rolling deployments. Additionally, we have invested heavily in building graceful degradation into our software to reduce the impact of any inadvertent outage, especially for users of Folio in their Gmail accounts.
Feedback and Incident Reporting
You can send any concerns, vulnerability reports, bugs, or incidents you encounter to