Compliance frameworks, security audits, and quality certifications this company maintains.
Amplitude maintains SOC 2 Type II certification covering the security, availability, and confidentiality of the Amplitude Analytics platform, ensuring enterprise customers that behavioral event data and user identity information is handled with rigorous security controls and independent audit validation.
Amplitude holds ISO 27001 certification for its information security management systems, providing internationally recognized assurance that the processes governing Amplitude platform security, data access, and incident response meet the ISO standard.
Amplitude is compliant with the EU General Data Protection Regulation, providing EU data residency options, signed data processing agreements, and user-level data deletion APIs that enable customers to fulfill data subject rights requests for behavioral data collected via Amplitude SDKs.
Amplitude supports California Consumer Privacy Act compliance for its customers by providing APIs to suppress and delete user-level behavioral event data, enabling product teams to honor opt-out and deletion requests from California residents whose data is tracked in Amplitude.
Amplitude offers HIPAA-compliant configurations for healthcare customers that need to track product analytics without exposing protected health information, including data masking, IP anonymization, and BAA execution for enterprise accounts in healthcare and digital health sectors.
Amplitude supports PCI DSS compliance for e-commerce and fintech customers by providing configuration options to exclude payment card data fields from event tracking and ensuring that Amplitude SDK instrumentation does not capture raw cardholder data in analytics events.
Amplitude participates in the EU-US Data Privacy Framework, providing a legal mechanism for transferring behavioral event data from European users to Amplitude US infrastructure in compliance with EU cross-border data transfer requirements under GDPR.
Amplitude has completed CSA STAR Level 1 self-assessment, publishing its cloud security posture through the CSA registry to provide enterprise procurement and security teams with transparent documentation of Amplitude security controls and cloud risk management practices.
Amplitude is committed to WCAG 2.1 AA accessibility standards for the Amplitude Analytics platform, ensuring that product managers and data analysts with disabilities can access charts, funnels, cohort builders, and dashboards using screen readers and keyboard navigation.
Amplitude is certified under ISO 27017, the cloud-specific information security controls standard, ensuring that additional safeguards appropriate for a multi-tenant SaaS analytics platform are implemented to protect the behavioral event data of thousands of enterprise customers.
