![](https://cdn.prod.website-files.com/5f6cf7fb95bd35f9cb7a426a/62b4ca1c3218d56a14409889_Security_Encryption%402x.png)
Encryption
We use enterprise-grade encryption to protect PII and PHI from unauthorized access. All communication between Amino members and our application is encrypted in transit, and databases / database backups are encrypted at rest.
![](https://cdn.prod.website-files.com/5f6cf7fb95bd35f9cb7a426a/62b4ca1c3218d541ad409887_Security_Access%402x.png)
Data access
To protect our customers' data, Amino practices least-access principles. Member data is only made available to approved employees with roles that require access to perform their primary job duties.
![](https://cdn.prod.website-files.com/5f6cf7fb95bd35f9cb7a426a/62b4ca1c3218d5c8f9409885_Security_Third-Party%402x.png)
Third-party vendors
Every third-party vendor used by Amino goes through a thorough internal risk assessment process. We sign business associate agreements (BAAs) with any vendors accessing sensitive client data.
![](https://cdn.prod.website-files.com/5f6cf7fb95bd35f9cb7a426a/62b4ca1c3218d5c1b040988b_Security_Pentesting%402x.png)
Pentesting and security scans
Amino conducts third-party pentests at least annually. In addition to regular pentesting, we also use static and dynamic scanning tools to monitor and detect vulnerabilities, and participate in a bug bounty program.
![](https://cdn.prod.website-files.com/5f6cf7fb95bd35f9cb7a426a/62b4ca1c3218d51c1c409883_Security_Bug-Bounty%402x.png)
Responsible disclosure and bug bounty program
If you believe you have discovered a vulnerability within Amino’s application, or if you would like to participate in Amino’s bug bounty program as hosted by HackerOne, please contact our Security Engineering team by emailing security@amino.com.