
Encryption
We use enterprise-grade encryption to protect PII and PHI from unauthorized access. All communication between Amino members and our application is encrypted in transit, and databases / database backups are encrypted at rest.

Data access
To protect our customers' data, Amino practices least-access principles. Member data is only made available to approved employees with roles that require access to perform their primary job duties.

Third-party vendors
Every third-party vendor used by Amino goes through a thorough internal risk assessment process. We sign business associate agreements (BAAs) with any vendors accessing sensitive client data.

Pentesting and security scans
Amino conducts third-party pentests at least annually. In addition to regular pentesting, we also use static and dynamic scanning tools to monitor and detect vulnerabilities, and participate in a bug bounty program.

Responsible disclosure and bug bounty program
If you believe you have discovered a vulnerability within Amino’s application, or if you would like to participate in Amino’s bug bounty program as hosted by HackerOne, please contact our Security Engineering team by emailing security@amino.com.