Security at Ambect Solutions LLC.
We take the security of your data and API access seriously. Here's how we protect the platform.
Encryption in transit
All traffic is encrypted with TLS 1.2+. API endpoints are HTTPS-only. HTTP connections are rejected.
Encryption at rest
Database volumes are encrypted at rest. API keys are stored as bcrypt hashes — we never store the raw key.
API key scoping
Each API key is scoped to a single account. Keys can be rotated or revoked instantly from your dashboard.
Audit logging
Every API request is logged with timestamp, key ID, endpoint, and response code. Logs are retained for 12 months.
Infrastructure isolation
The API, database, and cache run in separate containers with no direct external access. Only the API is internet-facing via a reverse proxy.
Dependency scanning
Dependencies are scanned weekly for known CVEs. Container images are scanned on every deploy with Trivy.
Found a vulnerability?
We welcome good-faith security research. If you discover a vulnerability, please report it to security@ambect.com before disclosing publicly. We commit to responding within 48 hours and will not pursue legal action against researchers acting in good faith.
Please include reproduction steps, impact assessment, and any relevant screenshots or logs. See our full disclosure policy for scope details.