Infrastructure
Cloud-native, encrypted at rest and in transit. Production workloads run in dedicated cloud accounts with no inbound network access from the internet. Data flows through hardened load balancers and WAFs.
Access
Principle of least privilege, enforced through SSO and short-lived credentials. Every privileged access is logged. Production deploys go through code review and CI checks before reaching customer environments.
Compliance
We’re happy to sign mutual NDAs and DPAs for engagements that need them. SOC 2 Type II is on our roadmap for 2026; we already follow most of its controls in practice.
Reporting a vulnerability
If you’ve found a security issue in any system we operate, please email security@amolsoft.com. We’ll acknowledge within one business day and aim to triage within three. We don’t run a paid bounty program, but we credit responsible disclosure on request.