Security you can trust

Infrastructure

• ✓Hosted on Vercel with automatic global edge distribution
• ✓Supabase Postgres with row-level security (RLS) enforced everywhere
• ✓Automated daily backups with point-in-time recovery
• ✓DDoS protection at the edge via Vercel's WAF
• ✓SOC 2 Type II certification in progress (expected Q4 2026)

Encryption

• ✓All data encrypted at rest with AES-256
• ✓All data in transit encrypted with TLS 1.3
• ✓Database-level encryption for all sensitive fields
• ✓Encryption keys managed via environment-isolated secrets

Data Residency

• ✓Primary data stored in EU (Ireland) by default
• ✓US data residency available on request
• ✓EU-only residency available on Enterprise plans
• ✓GDPR-compliant data processing agreements for all sub-processors

Access Controls

• ✓Multi-factor authentication (MFA) available for all users
• ✓Role-based access control (RBAC) with custom roles
• ✓SAML 2.0 SSO (Okta, Azure AD, Google Workspace) on Business plan
• ✓Full audit logs with actor, timestamp, and IP address

Penetration Testing

We conduct annual third-party penetration tests to identify and remediate vulnerabilities. Test reports are available to Enterprise customers under NDA.

Last test: Q1 2026 — No critical findings.

Vulnerability Disclosure Program

If you discover a security vulnerability in AmDital, please report it responsibly. We take all reports seriously and commit to acknowledging receipt within 24 hours and resolving critical issues within 72 hours.