Data Security
Amplemarket encrypts data at rest and in transit for all of our customers. We use tools like Google Cloud Platform’s Cloud Key Management solution to manage encryption keys using hardware security modules for maximum security in line with industry best practices.
Application Security
Amplemarket regularly engages some of the industry’s best application security experts for third-party penetration tests. Our penetration testers evaluate the source code, running application, and the deployed environment. Additionally, we make available a vulnerability disclosure form that will allow any security researchers to make us aware of potential security related issues in our product and systems.
Amplemarket also uses high-quality static analysis tooling provided by GitHub Advanced Security such as Secrets Scanner, and Dependabot, as well as SonarQube’s code quality and vulnerability scanning to secure our product at every step of the development process.
Infrastructure Security
Amplemarket uses Google Cloud to host our application. We make full use of the security products embedded within the GCP ecosystem, including CKM, Secrets Manager, Cloud Audit Logs, Identity-aware Proxy, and Event Threat Detection.
In addition, we deploy our application using containers that run on GCP managed services, meaning we typically do not manage servers or Compute instances in production.