Security

Introduction: How Amitree Keeps Your Data Secure

Amitree builds products that help its customers manage business workflow in email. Given the sensitivity of this medium, security is at the center of our engineering and data science practices. Our team and technology infrastructure are held accountable to high standards of information security, code quality and scalability. Amitree maintains specific and strict internal policies that restrict any unauthorized access to our users’ data or accounts. And, as an official partner of Google and Microsoft’s secure email platforms, we have continually met or exceeded their standards of security and privacy via rigorous internal and third-party audits of our products, policies, technology, codebase and team.

Amitree’s flagship product, Folio, is an email workflow tool that uses machine learning algorithms to organize email by a meaningful business object such as a real estate transaction. Folio determines the relationships between emails and groups them with a common identifier, resulting in the creation of a Smart Folder. Smart Folders reveal the context around a real estate transaction and index all related metadata (documents, files, contacts, and user generated notes) into a contextual sidebar. This enables the following enhanced security and compliance product features:

  • Enhanced visibility: While inbox providers have gotten very good at detecting generally suspicious emails and activity, there is the opportunity for further user protection within a vertical business mailstream by detecting and flagging emails that are suspicious within the real estate transaction process. Folio understands the meaning behind real estate-specific emails, the relationships between various senders, and is able to apply verticalized business logic that can detect potentially fraudulent requests for financially sensitive information. Today, this reporting is enabled through an opt-in feature that sends an SMS to the user, but enterprise-level reporting of financial activity can be enabled upon request. The evolution and improvement of the methods used for this fraud detection will be an ongoing focus of Amitree.
  • Compliance & retention: By sorting emails into Smart Folders by transaction, a comprehensive record of all communication can be stored in a customer’s database or platform of record for compliance with legal or regulatory recordkeeping requirements and practices.

2019 Google Security Audit & Security Enhancements

In 2018, Google announced that it would restrict access to its Gmail API to approved vendors that fully complied with its new requirements. In principle, these requirements were designed to ensure that third-party apps that access a user’s most sensitive data exist only to deliver direct value to the user and are as secure as Google’s own services. In addition, each vendor would be required to undergo a third-party security audit to verify compliance, repeated annually, by a firm approved by Google.

In 2019, Amitree became one of the first companies to successfully complete the compliance requirements of the Google Verification Process and passed a third party security audit performed by offensive security testing firm Bishop Fox. Amitree regularly undergoes this process in order to ensure the highest level of security for users.

In connection with this audit, Amitree has implemented the following enhanced security practices:

  • Implementation of a bug bounty program via the HackerOne platform
  • Annual security review by Bishop Fox of our application security
  • Ongoing security training for employees and contractors
  • Movement of all processing that used to occur via third parties into our own infrastructure (hosted on the industry-leading PaaS, Heroku)
  • Zero-access policy to any customer email by employees or contractors, even for customer support purposes (we request the customer manually forward any emails necessary for customer support to review)

Additionally, as is standard with Heroku, all of our software runs on hardened images that are resistant to Linux CVEs. A summary of all other security measures we inherit from the platforms we use is provided at the end of this document.

Data Policy

Folio delivers value by turning a customer’s inbox into a structured database, sorted into Smart Folders, with contextually relevant artifacts surfaced for the customer at the right time. This means a tremendous amount of our customers’ data passes through our platform, and we are entrusted with keeping that data private and secure. We do not sell, transfer, or otherwise make public any data obtained from our customers’ email. The only circumstance wherein user data is permitted to be transferred is in a ‘change in control’ (e.g. an acquisition). This policy is enforced both by Amitree policy directly and by our adherence to our agreements with Google.

Folio by Amitree’s use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Inherited Security Practices from our Platform Vendors

Independent industry standards are a good measure of whether a company’s technology infrastructure adheres to the most stringent and updated security practices to keep your data safe and secure. Amitree is deployed via Heroku, which is built on top of Amazon Web Services. Amitree builds on Amazon and Heroku’s compliance with the leading standards of privacy and information security outlined on their respective security pages, found here:

Amazon AWS Security

Heroku Security

Physical Security of Data Centers

We utilize Amazon’s distributed worldwide data centers to deliver our products, affording our products a high level of protection from physical security threats.

Amazon data centers are housed in nondescript facilities.

Physical access to Amazon data centers is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means.

Authorized staff must pass two-factor authentication a minimum of two times to access data center floors.

All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.

Amazon only provides data center access and information to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services.

All physical access to data centers by Amazon employees is logged and audited routinely.

Use of HTTPS / SSL Encryption for Secure Data Transmission

Wherever possible, Amitree utilizes HTTPS / SSL encryption when sending or receiving data from the browser. The HTTPS / SSL protocol uses public-key cryptography to prevent eavesdropping, tampering, and forgery. Our SSL certificates are 2048 bit RSA, signed with SHA256.

Feedback and Incident Reporting

You can send any concerns, vulnerability reports, bugs, or incidents you encounter to security@amitree.com. We offer a bug bounty program.

  • 2093 Philadelphia Pike #3004
    Claymont, DE 19703
  • info@amitree.com

Copyright © 2023 Amitree, Inc.
