TRUST & SAFETY
Our Approach to Security
Last updated: April 15, 2026
Amplifi AI takes the security of your data seriously. This page outlines the technical and organisational measures we use to protect the information you share with us. For the broader principles that shape how we teach, build, and advise on AI, see our AI Governance Framework.
Infrastructure Security
- All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS).
- Our website enforces HTTP Strict Transport Security (HSTS), preventing downgrade attacks.
- Security headers including Content Security Policy (CSP), X-Frame-Options, and X-Content-Type-Options are applied to every page to prevent common web attacks.
- Our hosting infrastructure provides DDoS protection, automated backups, and global CDN distribution.
Data Handling
- We do not store payment card information. All payments are processed through PayPal, which maintains PCI DSS Level 1 compliance.
- API keys and secrets are stored as environment variables, never in source code.
- Personal data (names, emails, application details) is stored in encrypted databases with access controls.
- We use server-side input validation and sanitisation on all form submissions to prevent injection attacks.
Access Controls
- Administrative access to our systems is limited to authorised personnel.
- All third-party service integrations (email, analytics, payments) use API keys with minimum required permissions.
- We do not share personal data with third parties except as required to deliver our services (email delivery via Resend, payment processing via PayPal, analytics via Google Analytics, bot protection via Google reCAPTCHA).
Bot and Abuse Protection
- All forms on our website are protected by Google reCAPTCHA v3 (invisible bot detection).
- Rate limiting is applied to all form submission endpoints to prevent brute-force attacks.
- We monitor for and block disposable email addresses in registration forms.
Email Security
- Our sending domain (amplifiai.co) is configured with SPF, DKIM, and DMARC authentication to prevent email spoofing.
- All marketing emails include automatic unsubscribe links and comply with CAN-SPAM and GDPR requirements.
- Email delivery is handled through Resend, which maintains SOC 2 Type II compliance.
Privacy and Compliance
- We comply with GDPR requirements for data subject rights (access, rectification, erasure, portability).
- We maintain a public Privacy Policy, Terms of Service, and Cookie Policy.
- Cookie consent is obtained before loading analytics or marketing cookies (GDPR-compliant default for EU/EEA visitors: essential cookies only).
- See our full Privacy Policy for details.
Vulnerability Disclosure
If you discover a security vulnerability on our website, please report it responsibly to hello@amplifiai.co. We take all reports seriously and will respond within 48 hours.
AI Governance
As an AI company, we hold ourselves to additional standards:
- We teach responsible AI use in all our training programmes.
- We do not use customer data to train AI models.
- We do not make automated decisions about individuals without human oversight.
- Our AI Governance Framework is outlined on our website.
Questions
If you have questions about our security practices, contact us at hello@amplifiai.co.