Skip to main content
Amplify is built with security at its core. Across fax, e-sign, forms, and Connect (calling, messaging, and meetings), Amplify protects sensitive business and healthcare data using industry-recognized security controls, compliance frameworks, and operational safeguards.

Overview

Since 2008, we have supported secure document exchange and communications for millions of users worldwide. Our platform is trusted by healthcare providers, enterprises, and regulated organizations that require reliability, compliance, and strong data protection. Amplify’s security program is designed around:
  • Strong encryption standards
  • Secure and redundant cloud infrastructure
  • Role-based access controls
  • Continuous monitoring and auditing
  • Independent compliance validation
These security practices apply consistently across all Amplify products and modules.

Infrastructure & reliability

Cloud architecture

Amplify operates on Amazon Web Services (AWS) using enterprise-grade cloud infrastructure. Core protections include:
  • Multiple availability zones for fault tolerance
  • N+1 redundancy to eliminate single points of failure
  • Enterprise-grade physical and network security
  • High availability backed by resilient architecture

Cloudflare protection

Amplify uses Cloudflare to strengthen application and network security, including:
  • DDoS protection
  • Web application firewall (WAF)
  • Secure global content delivery
  • TLS encryption enforcement
  • Real-time threat detection and mitigation
Cloudflare helps protect Amplify against malicious traffic and availability-based attacks.

Fax delivery reliability

For fax-specific transmission, Amplify uses:
  • Dedicated fax-only transmission lines
  • Premium Tier-1 carrier networks
  • Smart routing with automatic failover
  • Error Correction Mode (ECM) and delivery optimization
These controls help ensure reliable and secure fax delivery.

Voice, messaging & meetings security

Voice calling security

Amplify protects voice communications using secure, real-time communication standards designed to prevent unauthorized access or interception. Voice calling safeguards include:
  • Encrypted call signaling using TLS
  • Secure media streams during active calls
  • Protected call setup and session handling
  • Secure storage of call metadata and voicemails
These controls help ensure call privacy and integrity throughout the communication lifecycle.

Messaging security

Amplify messaging protects message content during transmission and storage using platform-wide security controls. Messaging safeguards include:
  • Encrypted message delivery in transit
  • Secure storage of message history
  • Role-based access to conversations
  • Activity logging for audit and oversight
Messages remain within Amplify’s secure infrastructure and follow the same access and retention policies as other communications.

Meetings security

Amplify meetings are designed for secure collaboration between authorized participants. Meetings security features include:
  • Secure meeting links and session identifiers
  • Controlled participant access
  • Encrypted audio and video streams
  • Protected handling of meeting metadata
Meetings security is enforced automatically and does not require additional configuration by administrators.

Data encryption & protection

Encryption standards

All data processed by Amplify is protected using strong encryption:
  • AES-256 encryption for data at rest
  • TLS encryption for data in transit
  • Secure HTTPS connections for web and API access
These protections apply across fax, e-sign, forms, and Connect services.
Encryption is enforced by default and does not require manual configuration.

Access controls & authentication

Amplify enforces strict access management through:
  • Authentication for all access points
  • Role-based permissions and licenses
  • Optional Multi-Factor Authentication (MFA)
  • Single Sign-On (SSO) on eligible plans
Review user roles regularly and enable MFA to reduce unauthorized access risk.

Audit trails & activity logging

Amplify provides audit trails to support compliance and accountability, including:
  • Document activity and timestamps
  • Sender and recipient actions
  • Access and status changes
  • Delivery confirmations
Audit logs support internal reviews, investigations, and regulatory requirements.

Compliance & certifications

SOC 2 Type II

Amplify is SOC 2 Type II compliant, confirming that our security controls are:
  • Properly designed
  • Consistently enforced
  • Independently audited over time
The SOC 2 audit evaluates controls related to security, availability, and confidentiality across Amplify’s systems.
SOC 2 reports are available to customers upon request as part of vendor due diligence.

HIPAA readiness

Amplify supports HIPAA-compliant workflows when used appropriately and under a signed Business Associate Agreement (BAA). HIPAA safeguards include:
  • Encrypted document storage and transmission
  • Secure fax delivery workflows
  • Access controls and audit logging
  • Independent compliance validation
HIPAA compliance is a shared responsibility. Customers must follow internal policies and proper usage guidelines.

GDPR

Amplify supports GDPR-aligned data protection practices, including:
  • Purpose-limited data processing
  • Secure data handling and encryption
  • User access and data export capabilities
  • Controlled data retention and deletion
These measures support customer obligations under EU data protection regulations.

PCI & payment security

Amplify uses PCI-compliant payment processors for billing and subscription management. Payment security includes:
  • PCI DSS–compliant third-party processors
  • Secure tokenization of payment data
  • Encrypted transmission of billing information
  • No storage of raw card data on Amplify servers
Payment data is handled exclusively by certified payment providers.

Data handling & retention

Amplify follows strict data-handling principles:
  • Data is processed only to deliver services
  • Temporary transmission data is cleared after delivery
  • Retention policies apply after account cancellation
  • Secure deletion follows industry-recognized standards
Customers may export their data prior to account termination.

Business continuity & incident response

Business continuity

Amplify maintains tested Business Continuity and Disaster Recovery (BCP/DR) plans, including:
  • Multi-region cloud redundancy
  • Encrypted backups with defined retention
  • Periodic disaster recovery testing

Incident response

If a security incident occurs, Amplify follows established procedures for:
  • Immediate investigation and containment
  • Access restriction where required
  • Customer notification in line with legal obligations
  • Post-incident remediation and review

Security best practices for customers

To maximize security when using Amplify:
  • Use strong passwords and enable MFA
  • Assign access based on job responsibilities
  • Verify recipients before sending sensitive information
  • Log out from shared devices
  • Keep devices and browsers updated

FAQs

Amplify uses AES-256 encryption at rest, TLS encryption in transit, secure AWS infrastructure, Cloudflare protection, and role-based access controls.
Yes. Amplify is SOC 2 Type II compliant, with independently audited controls covering security, availability, and confidentiality.
Yes. Amplify supports HIPAA-ready workflows, GDPR-aligned practices, SOC 2 compliance, audit trails, and secure access controls commonly required by regulated organizations.