A M A R A . A I

Data security is our utmost priority.

Our platform provides multiple layers of security to protect your employees data and conversations with AMARA.

Trusted by large enterprises

This page summaries some of the measures we have in place to ensure your data is safe.

People security

Data security training
To increase awareness about security we ensure that all the new employees attend a mandatory session on Information Security. Apart from this, there’s also a yearly training for all the employees.
Background checks
It’s mandatory that all the candidates should go through a security check before being offered a senior position at Squadgain Techlabs.

Product Security

Account Security

To prevent unauthorized access, Amara supports 2FA Authentication. To access your Amara’s account, apart from a user name and password, users can also activate a phone/email based OTP verification to create another layer of security.

Vulnerability Management

Squadgain Techlabs makes use of third-party services for VAPT(Internal vulnerability scanning and external perimeter testing). Security patches are automatically applied on all the systems whenever available.

Development Lifecycle

Developers at Squadgain follow certain security guidelines to make sure the products we create are secure in design, during development and after deployment.Security testing and Risk analysis activities are part of our secure SDLC process. Internal pen testing using open source tools like Open VAS is done on staging before every release to ensure that there are no vulnerabilities or risks in the release branch and another scan is done on production post release.

Encryption

We use encrypted connections (HTTPS, SSL, TLS, FTPS, etc) to protect the contents of data in transit. AWS KMS CMKs symmetric keys and asymmetric keys are used to encrypt data at rest for Database (RDS), Storage Volumes (EBS), Static Resources(S3), ElastiCache, Route 53, Lambda. AWS KMS CMKs are protected by hardware security modules (HSMs) that are validated by the FIPS 140-2 Cryptographic Module Validation Program Automatic rotation is enabled for CMKs.

Monitoring & Vulnerability

Incident Reporting
All critical incidents are monitored and reported 24/7 through email. A dedicated team monitors and identifies the threat.
Audit Logging and Monitoring
All computing resources not limited to server, desktops, laptops, network devices are monitored to ensure conformity to logical access policies and procedures.

Network Infrastructure Security

Asset Management

We have a well documented Asset Management Policy in place which defines Asset management practices that are used to ensure that technology assets are properly allocated to end-users to optimize usage and workplace productivity

Application Firewalls

All our applications are placed behind a Web Application Firewall(WAF) that helps protect our web applications or APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources.

Infrastructure Management

We employ robust access controls to limit access to infrastructure. Any access to our infrastructure is logged and we restrict any direct access to the production infrastructure. Access to infrastructure components go through a strong approval process and the access is routed via a bastion host to prevent any attack from the public internet.

Redundancy

All our applications are reliable, fault-tolerant, and highly available as we have servers in multiple availability zones placed under load balancers and are auto-scalable. Our systems are designed to remain in operation even if some of the components used to build the system fail.

Physical Security

Data Center Security
Squadgain utilizes AWS data centers for all the production data & customer information. AWS provides enterprise encryption and security. They also make sure to continuously monitor their cloud infrastructure for suspicious activity. To know more you can visit – https://aws.amazon.com/security/
Office Security
Squadgain has security policies and protocols that manage the entry of employees and visitors to our office locations. Employees, contractors and visitors are provided access badges that clearly distinguish the roles and provide access to physical locations based on their roles. CCTV cameras are used to monitor specific areas of the workspace.

Disaster recovery

Data backup

Regular backups with high redundancy are performed for all Squadgain customers. For EC2 instances automatic AMI's are created everyday. An Amazon Machine Image (AMI) stores the information required to launch an instance. Using AWS AMI’s we can launch a machine with the stored configuration at any point in time. All the data stored on the EBS volumes associated with our EC2 instances are backed up to Amazon S3 by taking point-in-time snapshots. Automatic backups are also created for the databases and the database can also be restored to any point back in time upto 72 hours. All the backups are encrypted. We use AWS Backup to centralize and manage data backups and protection across various AWS services

Security compliance

ISO 27001:2013

We follow the guidelines and policies which are aligned with the ISO 27001:2013. It is one of the most widely recognized independent international security standards. You can get access to the certificate by writing to Privacy@hirexp.com

Our GDPR readiness checklist

DPA updated Terms of service updated Privacy Policy updated Data Protection Officer appointed GDPR training given to all employees that handle customer data

Amara manage large number of conversations for small, medium & large organizations across the globe. All these companies trust us for their data security. To fulfill this, we’ve made sure to put the right security policies and procedures in place.

Global Compliance Certifications

If you have any questions or concerns about our Policies, data collection or data processing practices, please contact us at the privacy@amara.ai

Are you ready?

To boost your employees’ happiness quotient and future-proof your business

Request demo