Security, Hosting, & GDPR

Last Updated: July 02, 2025

At Amirra, we prioritize the security, privacy, and reliability of your data. Our platform is designed to provide a safe and dependable environment for all users.


Hosting

Cloud Infrastructure: Amirra is hosted on Microsoft Azure, a leading cloud service provider known for its robust security, compliance, and reliability standards.


Data Residency

All data is stored within Microsoft Azure data centres located in the United States. We recognise some clients require in-region data storage for compliance; regional hosting in Europe, Canada, and APAC is part of our 2025 roadmap. Please contact us to discuss your specific data residency needs.


Data Security

Encryption: Data is encrypted both in transit (using TLS 1.2 or higher) and at rest using AES-256 encryption standards, ensuring information is secure as it moves between users and our servers, and while stored.

Access Control: Access to customer data is strictly limited to authorised personnel on an as-needed basis, following role-based access controls and least privilege principles.

Authentication: We require strong user authentication. Clients can integrate with Single Sign-On (SSO) providers such as Microsoft Azure AD, Okta, and Google Workspace for enhanced account security and streamlined access management.


Compliance

GDPR Compliance: Amirra is committed to General Data Protection Regulation (GDPR) compliance. We process and store personal data in line with applicable data protection laws and maintain appropriate Data Processing Agreements (DPAs) with our customers.

Data Privacy: We do not share customer data with third parties except as required to provide the Amirra service or comply with legal obligations. For details, see our Privacy Policy.

Certifications: Amirra leverages Microsoft Azure’s ISO 27001, SOC 2, and GDPR compliance frameworks. Our internal SOC 2 Type II certification process is underway in 2025 to further demonstrate our security posture to clients.

Backups & Recovery: Regular encrypted backups are performed with a standard Recovery Point Objective (RPO) of 24 hours and a Recovery Time Objective (RTO) of 4 hours to ensure data can be restored efficiently in the event of accidental deletion or system failure.


Incident Response

Breach Notification: Amirra has a documented incident response plan. In the event of a data breach affecting customer data, we will notify impacted clients without undue delay, in line with GDPR and applicable regulatory requirements.

Testing & Vulnerability Management: We conduct regular vulnerability assessments, code reviews, and penetration tests with external security partners to identify and remediate potential risks proactively.


Data Retention & Deletion

Retention Policy: Customer data is retained for the duration of the contract. Upon termination, data is securely deleted within 30 days unless otherwise requested, in line with GDPR data minimisation principles.

Data Deletion Requests: Clients can request permanent deletion of user data at any time by contacting our support team or their Customer Success Manager.


Third-Party Integrations

Amirra integrates with select third-party tools to enhance your experience. All integrations undergo security and compliance reviews, and Data Processing Agreements are maintained with all vendors handling personal data.


GDPR

To provide our services efficiently, Amirra engages with a small number of trusted subprocessors. These include Microsoft Azure for secure cloud hosting, with data stored exclusively in the United States for US-based clients and exclusively in German data centres for clients located outside the US, ensuring data residency compliance. We also work with select integration providers, such as email delivery and authentication partners, to enable platform features. All subprocessors are contractually required to maintain data protection and security standards equivalent to our own. We will notify clients in advance of any intended changes to these subprocessors, as required under GDPR Article 28(2).


Continuous Improvement

We regularly review and update our security controls, policies, and practices to meet evolving industry standards and ensure the ongoing safety and reliability of our platform.