Skip to main content
Amplify is SOC 2 Type II compliant
Amplify’s SOC 2 Type II compliance demonstrates our commitment to protecting customer data through strong security, operational controls, and ongoing risk management.
An independent third-party auditor has verified that our controls are designed appropriately and operate effectively over time, not just at a single point. This helps customers trust Amplify with sensitive communications across fax, e-sign, forms, and Connect (call, meet, and messaging).

What is SOC 2?

SOC 2 (System and Organization Controls 2) is a security and privacy framework developed by the American Institute of Certified Public Accountants (AICPA). It defines how organizations should manage customer data responsibly. SOC 2 is based on five Trust Services Criteria:
  • Security – Protection against unauthorized access
  • Availability – System uptime and reliability
  • Processing Integrity – Accurate and complete processing
  • Confidentiality – Protection of sensitive information
  • Privacy – Responsible handling of personal data
A Type II report evaluates these controls over an extended audit period, confirming that safeguards are consistently followed in real-world operations.

What Amplify’s SOC 2 compliance covers

Amplify’s SOC 2 Type II report validates controls across our platform, including:
  • User access management and role-based permissions
  • Secure data handling across fax, e-sign, forms, and Connect
  • Encryption of data in transit and at rest
  • Monitoring, logging, and incident response procedures
  • Internal policies, employee training, and vendor risk reviews
These controls help ensure customer data remains protected throughout its lifecycle—from document upload to delivery, signing, storage, and audit logging.
SOC 2 focuses on Amplify’s internal controls. Customers are not required to configure anything to benefit from our SOC 2 compliance.

Ongoing security beyond the audit

SOC 2 compliance is not a one-time event. Amplify continuously maintains and reviews its security posture to ensure controls remain effective between audits. This includes:
  • Regular access reviews
  • Ongoing monitoring of security controls
  • Periodic policy updates
  • Security awareness training for employees
These practices help us identify risks early and maintain a strong security baseline as the platform evolves.

Requesting Amplify’s SOC 2 report

SOC 2 reports contain sensitive details about internal controls and are shared only under appropriate confidentiality terms. To request a copy of Amplify’s SOC 2 Type II report, please contact our team through your account representative or support channel. Additional information may be requested as part of the review process.
If your security team requires vendor questionnaires, compliance attestations, or supporting documentation, mention this when making your request so everything can be handled together.

Do customers need to take action?

No.
SOC 2 compliance reflects Amplify’s internal security controls and does not require customers to enable, configure, or manage any additional settings. You can continue using Amplify normally while benefiting from our certified security practices.

FAQs

SOC 2 Type II confirms that Amplify’s security controls are not only designed correctly but also operate effectively over time, helping protect customer data across fax, e-sign, forms, and Connect.
No. SOC 2 reflects Amplify’s internal security practices and does not require customers to configure or enable anything in their account.
No. SOC 2 reports contain sensitive security information and are shared only upon request under appropriate confidentiality terms.
No. SOC 2 and HIPAA address different requirements. SOC 2 focuses on security controls, while HIPAA governs how protected health information (PHI) must be handled.