Ambassador Security Overview

At Ambassador, we prioritize security for all our clients. We’re committed to investing in securing user data and protecting customer information.

Security Compliance

Ambassador employs industry-standard practices to adhere to widely accepted security and privacy frameworks, assisting our customers in meeting their compliance requirements. We implement robust security measures and uphold policies and procedures to comply with necessary data security standards. Through our continuous improvement program, we consistently reassess and enhance our information security protocols.

Standards and Certifications

Ambassador holds SOC 2 Type II and PCI certifications. As a SaaS company, we diligently strive to meet optimal security standards to safeguard our customers against potential vulnerabilities. We undergo routine audits to maintain and update our SOC 2 Type II reports, ensuring the ongoing integrity of our certification.

Vulnerability Management Program

Data security is of utmost importance to Ambassador. In addition to periodic third-party penetration tests, we utilize a dynamic suite of vulnerability detection and mitigation tools to promptly and efficiently address new vulnerabilities.

Penetration Testing Program

Annually, Ambassador collaborates with leading external security consulting firms to conduct penetration testing on our product lines and infrastructure. Our security and development teams work closely with these partners to review findings and develop remediation plans. We perform follow-up testing to ensure the effectiveness of remediation activities and provide summary reports to our clients upon request.

Data Encryption

All communications with Ambassador over public networks are encrypted in transit using industry-standard HTTPS/TLS (TLS 1.2 or higher). Data at rest in AWS is encrypted using AES-256. Access to the database and the Key Management Service (KMS) is restricted to a select few individuals for maintenance purposes, all of whom are bound by strict legal and security safeguards, including confidentiality and non-disclosure agreements, and stringent permission management protocols.