Skip to main content
Amplify is SOC 2 Type II compliant
Amplify’s SOC 2 Type II compliance demonstrates our commitment to protecting customer data through strong security, operational controls, and ongoing risk management.
An independent third-party auditor has verified that our controls are designed appropriately and operate effectively over time, not just at a single point. This helps customers trust Amplify with sensitive communications across fax, e-sign, forms, and Connect (call, meet, and messaging).

What is SOC 2?

SOC 2 (System and Organization Controls 2) is a security and privacy framework developed by the American Institute of Certified Public Accountants (AICPA). It defines how organizations should manage customer data responsibly. SOC 2 is based on five Trust Services Criteria:
  • Security – Protection against unauthorized access
  • Availability – System uptime and reliability
  • Processing Integrity – Accurate and complete processing
  • Confidentiality – Protection of sensitive information
  • Privacy – Responsible handling of personal data
A Type II report evaluates these controls over an extended audit period, confirming that safeguards are consistently followed in real-world operations.

What Amplify’s SOC 2 compliance covers

Amplify’s SOC 2 Type II report validates controls across our platform, including:
  • User access management and role-based permissions
  • Secure data handling across fax, e-sign, forms, and Connect
  • Encryption of data in transit and at rest
  • Monitoring, logging, and incident response procedures
  • Internal policies, employee training, and vendor risk reviews
These controls help ensure customer data remains protected throughout its lifecycle—from document upload to delivery, signing, storage, and audit logging.
SOC 2 focuses on Amplify’s internal controls. Customers are not required to configure anything to benefit from our SOC 2 compliance.

Security Beyond Certification

SOC 2 compliance is not a one-time milestone. At Amplify, we maintain a continuous security and compliance program to ensure our controls remain effective and up to date. Our ongoing practices include:
  • Regular access and permission reviews
  • Continuous monitoring of security systems
  • Periodic updates to policies and controls
  • Mandatory employee security awareness training
This proactive approach allows us to identify potential risks early and maintain a strong security posture as our platform evolves.

Requesting Amplify’s SOC 2 report

Due to the sensitive nature of SOC 2 reports, access is restricted and shared only under appropriate confidentiality agreements. To request a copy of Amplify’s SOC 2 Type II report:
  • Reach out to your customer success representative, or
  • Submit a request via our Support team
If your organization requires vendor security questionnaires, compliance attestations, or related documentation, please mention this when submitting your request so we can process everything together.

Do customers need to take action?

No.
SOC 2 compliance reflects Amplify’s internal security controls and does not require customers to enable, configure, or manage any additional settings. You can continue using Amplify normally while benefiting from our certified security practices.

FAQs

SOC 2 Type II confirms that Amplify’s security controls are not only designed correctly but also operate effectively over time, helping protect customer data across fax, e-sign, forms, and Connect.
No. SOC 2 reflects Amplify’s internal security practices and does not require customers to configure or enable anything in their account.
No. SOC 2 reports contain sensitive security information and are shared only upon request under appropriate confidentiality terms.
No. SOC 2 and HIPAA address different requirements. SOC 2 focuses on security controls, while HIPAA governs the protection of healthcare information and regulatory compliance.