Security
How Amplir Limited protects your data and ensures platform security
Last updated: 25/06/2025
Our Security Commitment
At Amplir Limited (Company Number: NI730704), a company registered in Northern Ireland, security is fundamental to everything we do. We understand that legal professionals handle sensitive information, and we've built our platform with enterprise-grade security measures to protect your data and maintain your trust.
Our security framework follows industry best practices and complies with UK data protection regulations, including UK GDPR and relevant cybersecurity standards.
Data Protection
Encryption
- In Transit: All data is encrypted using TLS 1.3 during transmission
- At Rest: Database and file storage use AES-256 encryption
- End-to-End: Sensitive searches and queries are encrypted throughout processing
Data Minimization
- We collect only the data necessary to provide our services
- Personal data is automatically purged according to retention policies
- Search queries are anonymized for analytics purposes
Access Controls
- Role-based access control (RBAC) for all system components
- Multi-factor authentication (MFA) required for all accounts
- Regular access reviews and removal of privileges that are no longer needed
Infrastructure Security
Cloud Security
- Hosted on enterprise-grade cloud infrastructure with SOC 2 compliance
- Geographically distributed with UK-based primary data centers
- Automated backup and disaster recovery procedures
- Network segmentation and firewall protection
Application Security
- Regular security code reviews and static analysis
- Automated vulnerability scanning and penetration testing
- Secure development lifecycle (SDLC) practices
- Input validation and SQL injection prevention
Monitoring & Detection
- 24/7 security monitoring and threat detection
- Automated anomaly detection and alerting
- Comprehensive audit logging and forensic capabilities
- Incident response procedures and escalation protocols
Compliance & Certifications
UK GDPR Compliance
Full compliance with UK General Data Protection Regulation, including data subject rights and lawful bases for processing.
ISO 27001 Framework
Information security management system based on ISO 27001 best practices and controls.
SOC 2 Type II
Our cloud infrastructure providers maintain SOC 2 Type II compliance for security, availability, and confidentiality.
Cyber Essentials
Working towards Cyber Essentials certification to demonstrate baseline cybersecurity measures.
Payment Security
We take payment security seriously and have implemented multiple layers of protection:
- PCI DSS Compliance: Payment processing through Stripe, a PCI DSS Level 1 certified provider
- No Card Storage: We never store credit card information on our servers
- Tokenization: All payment data is tokenized and encrypted
- Fraud Detection: Advanced machine learning algorithms detect suspicious transactions
- 3D Secure: Support for 3D Secure authentication where required
User Security Best Practices
Help us keep your account secure by following these recommendations:
Account Security
- Use a strong, unique password
- Enable two-factor authentication
- Log out when using shared devices
- Regularly review account activity
Safe Usage
- Keep your browser updated
- Use secure, private networks
- Don't share login credentials
- Report suspicious activity immediately
Incident Response
We have established procedures to handle security incidents:
Detection & Response
- Automated threat detection and alerting systems
- 24/7 security operations center monitoring
- Rapid incident containment and remediation
- Forensic analysis and root cause investigation
Communication
- Prompt notification to affected users
- Transparent communication about incidents
- Regular updates during incident resolution
- Post-incident reports and lessons learned
Security Audits & Testing
We regularly assess and improve our security posture:
- Penetration Testing: Annual third-party security assessments
- Vulnerability Scanning: Continuous automated scanning for security weaknesses
- Code Reviews: Security-focused code reviews for all changes
- Compliance Audits: Regular audits to ensure ongoing compliance
- Employee Training: Regular security awareness training for all staff
Reporting Security Issues
We welcome responsible disclosure of security vulnerabilities. If you discover a security issue, please report it to us immediately.
Security Contact:
Email: security@amplir.com
PGP Key: Available on request
Response Time: Within 24 hours
Please do not publicly disclose vulnerabilities until we have had a chance to investigate and address them. We are committed to working with security researchers to resolve issues quickly and responsibly.
Questions About Security
If you have questions about our security practices or need additional information for your organization's security review, please contact us:
Amplir Limited
Company Number: NI730704
Registered in Northern Ireland
Security Team: security@amplir.com
General Inquiries: hello@amplir.com
Website: amplir.com