Ambition applies security best practices for internal and customer-facing services so that customers can focus on their business. We implement these practices throughout every stage of handling your data... from receiving and processing to analytics and storage.
We recognize that our product only works when people trust us. From data accuracy to account security, the only way we will truly be successful is to build a two-way relationship founded upon transparency, accountability, reliability, and quite frankly... honor.
Ambition's physical infrastructure is hosted and managed within Amazon’s secure data centers and utilize the Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
PCI Level 1
Ambition utilizes ISO 27001 and FISMA certified data centers managed by Amazon. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
Amazon only provides data center access and information to employees who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical and electronic access to data centers by Amazon employees is logged and audited routinely.
For additional information see: https://aws.amazon.com/security
Customer Application and Data Isolation
All customer data at Ambition is isolated with unique security credentials at each level including data upload, file storage, web application, data processing, and individual databases. All external web traffic uses HTTPS and all database connections use SSL to protect data in transit.
To report a security vulnerability, the Ambition Security team can be reached at firstname.lastname@example.org.
For sensitive communication you may use the following PGP key. The fingerprint is
6B02 951A 19F8 B094 6A84 3D5C 5C7B E7E4 160D 5347
-----BEGIN PGP PUBLIC KEY BLOCK----- mQENBFN03VIBCADITjG5ikfigpJo/pKGMm5+psnrQJfY5s7sJcUrQ2tr6PHJMu6H yQQ5AJMluDH3ysoRKji41vZEXGPfi5X2zrTj0WzsYSPcpJe14uMkyGjrf8fTFE0I Px4Mw857ma9Bns+mE3H1BZADEtBS4ALo5BK1aAQ3ZvV0vW64X78/oWSy7K/meYAj 5l/NhvlRd1UFTxtvj7iUIgWmTmuqB2Ravw1Jhzg5bjqGbH4TcRxguA+jEgyBX89B qQ8E9vxupMye83ZqLtbU9rGq7AHLjIDnIeJ7B+g/MrYdIh5kNuM6epsiHemTM2Bj 9cVClI3ZdjeT0KppVUPb7vQOWyhxKqJQlg/XABEBAAG0KUFtYml0aW9uIFNlY3Vy aXR5IDxzZWN1cml0eUBhbWJpdGlvbi5jb20+iQE9BBMBCgAnBQJTdN1SAhsDBQkH hh+ABQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEFx75+QWDVNHR1IH/2i/LXo6 qli899Vsu00AcsP2ejJp3zVRGsTW7RTFGIeMLfbVqoQ9YNJbfPr6h8hzxKpicTdz fz2VdNHogeIEPydNXpEl/LoFhlgJ5pqf/UvmYRuwzyUBX8OVMRnq/jPPAWiM0lGs 1Ivv9hT6Obf5wkCfTuz345rwCWll7p8lLYfBaQYWsqzxeRz+Af6RXRrHc/Wtzs+h UdzzN/Qj07SYWHttDXUQZQzDuuhPuFUS+G7IbjSxyQUdhv3658Gnbtv0dqkfskun ksLyu4SZl2IphBlpf6fAbKI6Ze3EtoX+ydAAESwyZ513g5cqVcC1VoOUzaGmlFOr WIUUcpp4aXDXxdu5AQ0EU3TdUgEIAMVjXOxPmipFyXgdo6IDgoEYBF3nuv1S3SoH P1bjxH845yYm6MDfggCxLAAF3blgnCPVw9/85jeWxD2vjcXY4JpC/A11KA12VhbO MLdv8RD/5cyxLMS5W97+LHLs5Ek1+F93HRYQG5SZLqgfDvlBWP5QHqSIGuzFBW3L d2nWEEMzzMxqB+ALw44rxfLWj2p+JO+XS5Weir+r/haaE+4MXoyA/C6ZdGnwO3J0 RvcuV5U1FsfkWK1aHc6Fi1j8a8c7XJEi3l6ki3eqCVfSg12TSTt8gwyrNtV3vvtg WdrOcOHxXKoayM7hYJvhDp25FOy/5H9AmWQ1SJDQnoGsiSGWZMUAEQEAAYkBJQQY AQoADwUCU3TdUgIbDAUJB4YfgAAKCRBce+fkFg1TRw1fCAC3PQWbGGXt+c1adjl8 6UwmvrzjmhoYCZ/CNq4UPl1F9dlJsT9k1SpOvxVbE3izSQ/PA66GsRvYsXHBbDzA 51+r5/uB4GGlF6Gw+92MR8Mtb/eXY/NVyG4bSzswRKvuIQNlUrLbR/qtwe2u59zp XU/HLb2yCIB/pP7T0FliPDXHECZqADIbv/CjKVfNFZQhMcHjjtjcFfE0W0HwBl56 mmxcQ3GzTrOtIPNVdAkFZdonaHH8hdEAsD8zZowY7mf+JK+JAmV9sa++zh89SsMY EGSxGNUNBd98H2/uu9+5XIQRBEcXK/KKjh/xPZIXKWDVRTudXdHZ33HhQKDqJ3Z9 tuRJ =6aHB -----END PGP PUBLIC KEY BLOCK-----