Get Started
Data
Analytics
Session Replay
Experiment
Admin
CDP
SDKs APIs
Partners
FAQ
Data Tables Event Segmentation Funnel Analysis Personas Retention Analysis The datepicker The dotted line in Amplitude charts User Composition User counts from past events User Sessions
Experiment duration estimates Mutual exclusion groups Sequential testing Statistical significance
Block and filter internal users Channel classifier Firefox ingestion failure Hide, block, or delete and event or property Instrumentation Missing data Missing mobile attribution events Modify or delete historical data Segment-Amplitude integration Send data to Amplitude Transformations
Access issues Behavioral cohorts Data discrepancies with other platforms Data export Experiment Analysis Export CSV files HTTP v2 API vs Batch Event Upload API Instrument on third-party site builders iOS 14 changes Limits New orgs can't open the menu Plus plan Security and Privacy Startup scholorship plan Unexpected values in user counts
FAQ
/
Security and Privacy

Security and Privacy

This article covers some frequently asked questions about Amplitude's security and privacy policies.

Feature availability

Amplitude has a built-in compliance feature that meets standards for SOC2 Type 2, GDPR, HIPPA, CCPA, and Privacy Shield. It is available to users on Starter, Plus, Growth, and Enterprise plans.

What are the terms of Amplitude's service and privacy policy?

Amplitude provides a secure platform to explore your data, while addressing all relevant legal, industry, and regulatory concerns. The Terms of Service incorporate the Data Processing Addendum for Terms of Service (TOS DPA) and the Acceptable Use Policy (AUP).

The Privacy Notice describes Amplitude’s practices for collecting, storing, using, disclosing, and otherwise processing information in relation to visitors of the Amplitude's website; including our Community Forum and Amplitude Academy (aka, the website); and Amplitude’s marketing activities, customers accessing and using our products or services (collectively, the product).

Note

Read Amplitude's Terms of Service and Privacy Policy carefully to understand the policies and practices regarding your information collected through the website and the product. 

For other security and privacy information (GDPR, CCPA, HIPPA, etc.), review Amplitude's Stance on Security & Privacy

What is the SOC2 report?

The SOC2 is a report on Amplitude’s Description of its Digital Optimization System and on the Suitability of the Design and Operating Effectiveness of Controls Relevant to Security, Availability, and Confidentiality. This is available in Amplitude's Customer Trust Portal

There you will find the following and more:

  • SOC2
  • DPA
  • ISO certification
  • Industry Standard Questionnaires (CAIQ)
  • Privacy Related Information

What is the DPA for paying and non-paying customers?

The Data Processing Addendum for Terms of Service (TOS DPA) is incorporated into and forms part of the Amplitude Terms of Service, or other written or electronic agreement between customer and Amplitude, Inc. which governs customer’s use of the Amplitude Services (as applicable, the in the Terms). Visit the Customer Trust Portal for more information.

There you will find the following:

  • SOC2
  • DPA
  • ISO certification
  • Industry Standard Questionnaires (CAIQ)
  • Privacy Related Information

What is the Bug Bounty program?

Amplitude has implemented the following ongoing security procedures:

  • Automated monthly vulnerability scanning of its source code, application, and infrastructure
  • Ad hoc scanning and testing of new features and functionality
  • Annual penetration testing of of the application, as well as the underlying cloud infrastructure by a third party penetration testing agency using traditional penetration testing methodology

Additionally, Amplitude runs a private Bug Bounty program to ensure that security issues are detected and reported as early as possible. All issues identified by any of the sources listed above are triaged, prioritized based on criticality of risk and impact, and remediated within the SLAs defined. 

If you are interested in the Bug Bounty program, please reach out to security@amplitude.com for more information on the reward system in place. 

Who can I contact for additional information or concerns? For more questions around security and compliance, please feel free to contact security@amplitude.com

For more questions around privacy, please contact privacy@amplitude.com

If you want to report any concerns, including fraud, please email reports@lighthouse-services.com and include Amplitude in the report. 

Was this page helpful?

Thanks for your feedback!

July 4th, 2024

Need help? Contact Support

Visit Amplitude.com

Have a look at the Amplitude Blog

Learn more at Amplitude Academy

Terms of Service Privacy Notice Acceptable Use Policy Legal

© 2024 Amplitude, Inc. All rights reserved. Amplitude is a registered trademark of Amplitude, Inc.