Ambassify uses strong cryptography to protect your data at every layer. Our encryption standards follow industry best practices and are regularly reviewed to stay ahead of emerging threats.

Encryption in Transit

All data transmitted to and from Ambassify is protected with encryption.

  • TLS Encryption: All data in transit is encrypted using TLS
  • Strong Cipher Suites: We use industry-standard cipher suites that achieve an SSL Labs A+ grade. View our SSL Labs report
  • Internal Traffic: Communication between internal services is also encrypted to protect data at every hop

Encryption at Rest

Data stored on our systems is encrypted by default.

  • AES-256 Encryption: All data at rest is protected with AES-256 symmetric encryption
  • Full Coverage: All databases and storage systems are encrypted, with no exceptions

Web Certificates

Our web certificates meet or exceed current industry requirements.

  • Key Length: RSA 2048-bit or ECC 256-bit minimum key length for all certificates
  • Hash Algorithms: SHA-2 or stronger hash algorithms are used for certificate signing
  • Managed Issuance: Certificates are managed through trusted certificate authorities and monitored for unauthorized issuance

Password Storage

Passwords are stored using the strongest available protections.

  • Hashing Algorithms: Industry-standard hashing algorithms such as bcrypt, PBKDF2, scrypt, or Argon2 are used
  • Salted and Peppered: All password hashes include both a unique salt and a pepper for additional protection
  • No Plaintext: Plaintext passwords are never stored anywhere in our systems

Key Management

Encryption keys are handled with care throughout their lifecycle.

  • Best Practices: Keys are managed following industry best practices for generation, storage, and usage
  • Regular Rotation: Encryption keys are rotated on a regular schedule to limit exposure
  • Separation: Keys are stored separately from the data they protect

Standards Compliance

We keep our cryptographic standards current and aligned with industry expectations.

  • Regular Review: Cryptographic standards and implementations are reviewed regularly
  • Exception Process: A formal exception process exists for any legacy systems that cannot yet meet current standards
  • New Implementations: All new implementations must meet or exceed the latest cryptographic standards