
Security & Compliance

How Amicus protects your data and maintains security standards

Contents

Data Encryption • Infrastructure • Access Controls • Data Residency • Compliance • Incident Response • Report Security Issues

Data Encryption

We implement industry-leading encryption protocols to protect your data at all times:

  • TLS 1.3 encryption for all data in transit over the internet
  • AES-256 encryption for data at rest in our databases
  • Secure key management practices with regular rotation
  • Encrypted backups with redundancy across multiple geographic regions

Infrastructure

Amicus is built on enterprise-grade infrastructure with a focus on reliability, security, and performance:

Database

Supabase PostgreSQL with Row-Level Security (RLS) and automatic backups

✓ Multi-region replicas • ✓ Point-in-time recovery

Application Hosting

Vercel with edge computing and integrated DDoS protection

✓ 99.95% uptime SLA • ✓ Auto-scaling

AI Processing

Enterprise API integrations with secure key management

✓ Secure API key storage • ✓ Rate limiting

Access Controls

We maintain strict access controls to ensure only authorized users can access sensitive data:

  • JWT-based authentication with secure session management and automatic expiration
  • Role-based access control (RBAC) for administrative functions
  • Password hashing using bcrypt with industry-standard parameters
  • Multi-factor authentication (MFA) available for enhanced security
  • Audit logs tracking all administrative actions
  • Rate limiting to prevent brute force attacks

Data Residency

All customer data is stored and processed within the United States. Our infrastructure is hosted in ISO 27001-certified data centers that comply with SOC 2, FedRAMP, and other applicable regulations. We do not transfer personal data outside the US without explicit user consent and compliance with data transfer agreements.

Compliance & Certifications

We are committed to maintaining the highest standards for security and compliance:

GDPR Compliant

Data processing agreements and privacy controls

SOC 2 Type II (In Progress)

Security, availability, and confidentiality controls

Regular Security Audits

Annual penetration testing and vulnerability assessments

Incident Response

We maintain a comprehensive incident response plan to quickly address and mitigate any security concerns:

Data Breach Notification

In the event of a confirmed data breach, we will notify affected users within 72 hours in accordance with GDPR, CCPA, and other applicable regulations.

Report Security Issues

If you discover a security vulnerability or have security concerns, please report them responsibly to our security team:

Amicus Security Team

saurabh@pubkgroup.com

Please include details about the vulnerability and allow 30 days for response before public disclosure.

Last updated: January 2026