# Security

## Overview

Amondo is committed to maintaining a secure and compliant platform for all customers and users. We follow industry best practices across infrastructure, data management and organisational processes to ensure the confidentiality, integrity and availability of all data handled by the Amondo platform.

Amondo Ltd is registered with the Information Commissioner’s Office (ICO) under the Data Protection Act.

**ICO Registration Number:** ZA365772

## Infrastructure security

Amondo's core platform operates on ISO 27001–compliant infrastructure provided by [Heroku](https://www.heroku.com/policy/security) and [Amazon Web Services (AWS)](https://aws.amazon.com/compliance). All infrastructure and sub-processors used by Amondo meet equivalent standards such as ISO 27001, SOC 2 or PCI DSS.

Most core systems are hosted within the European Economic Area (EEA). Where data is processed outside of the EEA, EU Standard Contractual Clauses (SCCs) or equivalent safeguards are applied to ensure GDPR compliance.

Amondo's content delivery and security layers are supported by [Cloudflare](https://www.cloudflare.com/en-gb/network/), which provides a Web Application Firewall (WAF) and Content Delivery Network (CDN) certified under ISO 27001, SOC 2 and PCI DSS.

## Organisational and technical measures

Amondo maintains documented policies and controls that govern how data and systems are protected.

<details>

<summary>Key measures include:</summary>

* Controlled access to data and systems based on least privilege
* Encryption of data in transit and at rest
* Two-factor authentication for internal systems
* Centrally managed and monitored employee devices
* Mandatory HTTPS across all product services
* Regular access and service reviews

</details>

These measures are governed by Amondo’s internal Information Security Policy, which applies to all personnel and operations.

## Compliance

Amondo’s security and privacy practices align with GDPR and internationally recognised security frameworks. All core infrastructure providers hold certifications such as ISO 27001 and SOC 2.

## Reporting

To report a potential security issue or concern, contact **<security@amondo.com>**. Amondo encourages responsible reporting of potential vulnerabilities and reviews all submissions in line with its internal security response process.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.amondo.com/trust-and-compliance/security.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.