Folio is a product that helps its customers manage business workflow in email. Given the sensitivity of this medium, security is at the center of our engineering and data science practices. Our team and technology infrastructure are held accountable to high standards of information security, code quality and scalability. Folio maintains specific and strict internal policies that restrict any unauthorized access to our users’ data or accounts. And, as an official partner of Google and Microsoft’s secure email platforms, we have continually met or exceeded their standards of security and privacy via rigorous internal and third-party audits of our products, policies, technology, codebase and team.
Folio is an email workflow tool that uses machine learning algorithms to organize email by a meaningful business object such as a real estate transaction. Folio determines the relationships between emails and groups them with a common identifier, resulting in the creation of a Smart Folder. Smart Folders reveal the context around a real estate transaction and index all related metadata (documents, files, contacts, and user-generated notes) into a contextual sidebar. This enables the following enhanced security and compliance product features:
In 2018, Google announced that it would restrict access to its Gmail API to approved vendors that fully complied with its new requirements. In spirit, these requirements were designed to ensure that third-party apps that access a user’s most sensitive data exist only to deliver direct value to the user and are as secure as Google’s own services. In addition, each vendor would be required to undergo a third-party security audit, repeated annually and performed by a firm approved by Google, to verify compliance.
In 2019, Folio (formerly operated by Amitree) became one of the first companies to successfully complete the compliance requirements of the Google Verification Process and passed a third-party security audit performed by offensive security testing firm Bishop Fox. Folio regularly undergoes this process in order to ensure the highest level of security for users.
In connection with this audit, Folio has implemented the following enhanced security practices:
Additionally, as is standard with Heroku, all of our software runs on hardened images that are resistant to Linux CVEs. A summary of all other security measures we inherit from the platforms we use is provided at the end of this document.
Folio delivers value by turning a customer’s inbox into a structured database, sorted into Smart Folders, with contextually relevant artifacts surfaced for the customer at the right time. This means a tremendous amount of our customers’ data passes through our platform, and we are entrusted with keeping that data private and secure. We do not sell, transfer, or otherwise make public any data obtained from our customers’ email. The only circumstance wherein user data is permitted to be transferred is in a ‘change in control’ (e.g. an acquisition). This policy is enforced both by Inside RE, LLC policy directly and by our adherence to our agreements with Google.
Folio’s use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Independent industry standards are a good measure of whether a company’s technology infrastructure adheres to the most stringent and updated security practices to keep your data safe and secure. Folio is deployed via Heroku, which is built on top of Amazon Web Services. Folio builds on Amazon and Heroku’s compliance with the leading standards of privacy and information security outlined on their respective security pages, found here:
We utilize Amazon’s distributed worldwide data centers to deliver our products, affording our products a high level of protection from physical security threats.
Amazon data centers are housed in nondescript facilities.
Physical access to Amazon data centers is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means.
Authorized staff must pass two-factor authentication a minimum of two times to access data center floors.
All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
Amazon only provides data center access and information to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services.
All physical access to data centers by Amazon employees is logged and audited routinely.
Use of HTTPS / SSL Encryption for Secure Data Transmission
Wherever possible, Folio utilizes HTTPS / SSL encryption when sending or receiving data from the browser. The HTTPS / SSL protocol uses public-key cryptography to prevent eavesdropping, tampering, and forgery. Our SSL certificates are 2048-bit RSA, signed with SHA256.
Our incident reporting disclosure program is administered through HackerOne, which is the designated platform for submitting all reports.