Ambassador Security

Security Compliance

Ambassador uses industry standard practices to comply with industry-accepted general security and privacy frameworks, helping our customers meet their compliance standards. Ambassador implements security measures and maintains policies and procedures to comply with required data security standards. We continue to reassess and evaluate our security, and through our continuous improvement program, we are constantly improving our information security.

Standards and Certifications

Ambassador is SOC 2 Type II and PCI certified. As a SaaS company, Ambassador works tirelessly to meet the ideal security standards to protect our customers from security vulnerabilities. Ambassador undergoes routine audits to receive updated SOC 2 Type II reports to maintain our certification.

Vulnerability Management Program

Ambassador takes data security very seriously. In addition to our periodic third-party penetration tests, Ambassador uses a dynamic suite of vulnerability detection and mitigation tools to resolve new vulnerabilities quickly and efficiently.

Penetration Testing Program

Ambassador engages with external market-leading security consulting firms to perform penetration testing annually on our product lines as well as our infrastructure. Our security and development teams work with our penetration testing partner to review all findings and develop a plan to remediate them. We perform follow-up testing to ensure the effectiveness of the remediation activities and offer summary reporting to our clients upon request.

Data Encryption

All communications with Ambassador are encrypted via industry-standard HTTPS/TLS (TLS 1.2 or higher) over public networks. This ensures that all traffic between you and Ambassador is secure during transit. The data is then encrypted at rest in AWS using AES-256 key encryption. Only a select few people have access to the database and the KMS for maintenance purposes and, of course, are bound by extreme legal and security safeguards (such as confidentiality and non-disclosure provisions, permission management, etc.).

Security Monitoring and Accessibility

Ambassador uses multiple monitoring tools over networks, systems, and applications to detect and to block malicious traffic and network attacks and ensure ongoing health and performance, availability, and capacity. Our Security Incident Event Management (SIEM) system gathers extensive logs from essential network devices and host systems. The SIEM alerts on triggers that notify the security team based on correlated events for investigation and response.

Ambassador has two-factor authentication for all customer accounts, and customers that require single sign-on (“SSO”) may do so (additional fees could apply based on the client’s subscription).

SSO packages that Ambassador currently supports include:

Okta
Microsoft 365
Google Workspace

Incident Response

Ambassador employs a comprehensive incident response plan, including a set of response playbooks and defined roles and responsibilities of everyone involved, and incorporates follow-up activities after the incident to ensure we learn from our past.

Security Monitoring and Accessibility img

For security questions, you may contact your customer success manager or email security@getambassador.com

Ambassador’s data centers are hosted with Amazon Web Services data centers in the state of Virginia in the United States. Data backups are also preserved in a US-based distributed database in Google Cloud.

Ambassador uses Amazon Web Services Relational Database Service for backups with multiple availability zones. Each Availability Zone has its own power, cooling, and network connectivity and thus forms an isolated failure domain. Additional backups are made to a Google Cloud environment that distributes multiple copies of data across the US, mitigating the already rare possibility of a complete loss of data in AWS.

Your customer success team can help you obtain access to Ambassador’s online Security and Compliance Kit. There you will be able to access Ambassador’s security resources.

Ambassador does permit certain customers (e.g. Enterprise customers) the ability to perform audits beyond an inspection of the reports, questionnaires, and other artifacts available in the kit.

Yes. Ambassador maintains a comprehensive set of security policies and procedures in accordance with SOC 2 Type II and PCI security frameworks.

Due to the sensitive nature of the material contained in the report, and the copyright requirements of the assessing firm, we can only share our SOC 2 report with eligible customers. An MNDA must be executed before the report can be viewed. For more information, please contact your sales representative or our customer success team.

Yes. Ambassador maintains a Disaster Recovery and Business Continuity plan that supports a robust business continuity strategy for the production services and platforms.

Yes. Ambassador can provide copies of our security policies to customers upon written request. Please note that a mutual non-disclosure agreement must be signed and in place in order to receive requested policies.

Yes. Ambassador can provide copies of our penetration tests and vulnerability scan reports to eligible customers (e.g. Enterprise) upon written request. Please note that a mutual non-disclosure agreement must be signed and in place in order to receive the requested penetration testing report.

Ambassador does permit eligible customers to perform penetration testing on our services. Ambassador operates a comprehensive penetration testing program. Ambassador’s penetration testing executive summary reports are available through your sales representative or the customer success team.

Ambassador provides all clients with access to our support teams, which are available to assist in handling urgent matters.

Ambassador will notify affected customers about a breach of security compromising customers' data. Additionally, customers are able to subscribe to service updates at status.getambassador.com to learn about general service availability, maintenance operations, or general security issues.

Industries

Retail & eCommerce

eLearning, Training, & Education

Solar Energy & Renewables

Residential and Home Services

Financial Services and Fintech

Telecommunications and ISP

B2B SaaS and Cloud-Based

Use Cases

Generate more referrals

Multi-tiered loyalty points programs

Track & manage your affiliates

Engage your customers

Increase conversions

Run a partner program

Incentivize employee referrals

Generate customer reviews

Increase your brand reach

Reduce customer churn

Create customer feedback loops

Collect zero-party customer data

Grow product adoption

Tracking and payouts for sales leads

Collect UGC

Loyalty Launch Guide

Programs

Referrals & Advocacy

Loyalty & Engagement

Affiliate Management

Partnership Programs

Customer Reviews

Customer Feedback

Features

(Mobile) Portal

RAF

Asset Library

Reward Panel

Tasks

Badges

Share Links & QR Codes

Click and Source Tracking

Flow Builder

Welcome Message

Forms

Registration

Landing Page

SSO

AI Fraud Detection

Visual Editor

Integrations

Salesforce Native Package

Integrations Library

API Documentation

Build vs. Buy

Case Studies & Reports

Retail & Commerce

Education & Online Learning

Solar Energy & Renewables

Residential Home Services

Financial Products & FinTech

Telecommunications & Internet Services

eBooks

Referrals & Advocacy

Loyalty & Engagement

Affiliate Management

Partnership Programs

Blog

Referral Marketing

Affiliate Management

B2B

Customer Loyalty

Partnership Programs

B2C

ROI Calculator

Refer & Earn!

Ambassador Security

Security Compliance

Standards and Certifications

Vulnerability Management Program

Penetration Testing Program

Free resources,
Straight to your inbox.