We use enterprise-grade encryption to protect PII and PHI from unauthorized access. All communication between Amino members and our application is encrypted in transit, and databases / database backups are encrypted at rest.
To protect our customers' data, Amino practices least-access principles. Member data is only made available to approved employees with roles that require access to perform their primary job duties.
Every third-party vendor used by Amino goes through a thorough internal risk assessment process. We sign business associate agreements (BAAs) with any vendors accessing sensitive client data.
Pentesting and security scans
Amino conducts third-party pentests at least annually. In addition to regular pentesting, we also use static and dynamic scanning tools to monitor and detect vulnerabilities, and participate in a bug bounty program.
Responsible disclosure and bug bounty program
If you believe you have discovered a vulnerability within Amino’s application, or if you would like to participate in Amino’s bug bounty program as hosted by HackerOne, please contact our Security Engineering team by emailing firstname.lastname@example.org.