top of page
Gradient Background

Security Policy

At AmplifAI Services, the security and confidentiality of our customers’ data is paramount. As a provider of advertising technology solutions—powered in part by trusted platforms like Smartly.io and Equativ—we are committed to safeguarding the digital trust you place in us.

We adhere to industry best practices, conduct ongoing risk assessments, and implement robust technical and organizational security measures to protect our systems, data, and customer information.

​

Our Security Principles

We build and maintain our systems with the following principles in mind:

  • Security by Design: Security is embedded at every stage of product development and service deployment.

  • Least Privilege: Access is tightly controlled and granted only on a need-to-know basis.

  • Transparency and Accountability: We communicate security practices and incidents promptly and clearly.

  • Resilience and Continuity: Our systems are designed to ensure availability, disaster recovery, and business continuity.

​

Infrastructure Security

AmplifAI Services operates its infrastructure in partnership with leading cloud service providers that meet stringent compliance standards such as ISO/IEC 27001, SOC 2, and GDPR. Security features include:

  • Network segmentation and firewalls

  • DDoS protection

  • Encrypted backups and replication

  • Redundancy across data centers for high availability

​

Data Protection and Privacy

All personal and advertising data is treated with confidentiality and integrity. We implement:

  • TLS encryption in transit and AES-256 encryption at rest

  • Fine-grained access controls and audit logs

  • Secure key management systems

  • Compliance with PDPA (Malaysia), DPA (Philippines), CCPA/CPRA (USA), and GDPR (EU)

​

Secure Development Lifecycle (SDLC)

We follow a secure software development lifecycle, including:

  • Code reviews and automated security scanning

  • Use of static and dynamic analysis tools

  • Regular dependency updates and vulnerability management

  • Segregation of development, staging, and production environments

  • ​

Third-Party Risk Management

We integrate with platforms such as Smartly.io and Equativ, and we assess the security and compliance posture of each third-party vendor we work with. Each vendor undergoes:

  • A security and privacy review

  • Contractual obligations around data protection

  • Ongoing monitoring of risk and performance

​

Authentication and Access Control

We enforce strict identity and access management:

  • SSO (Single Sign-On) with MFA (Multi-Factor Authentication)

  • Role-based access control (RBAC)

  • Principle of least privilege

  • Session timeout and user inactivity monitoring

​

Monitoring, Detection & Incident Response

AmplifAI maintains real-time monitoring systems and an incident response framework:

  • 24/7 system monitoring and alerting

  • SIEM (Security Information and Event Management) tools

  • Formal Incident Response Plan (IRP)

  • Post-incident analysis and remediation

​

Security Awareness and Training

All employees and contractors undergo:

  • Security awareness onboarding

  • Annual refresher training

  • Targeted sessions on phishing, social engineering, and data handling

bottom of page