Security Overview — AmpPilot
Last Updated: February 24, 2026
Security is not an afterthought at AmpPilot — it is built into how the platform is architected, operated, and maintained. This page provides an overview of the controls and practices we maintain to protect your data and your connected accounts.
1. Access Controls
AmpPilot enforces strict role-based access control (RBAC) across all platform functions. Access to customer data is granted only on a need-to-know basis, and all internal access is logged and auditable. No AmpPilot personnel have standing access to customer account data without explicit authorization tied to a specific support or operational need.
2. Data Isolation
Every customer environment is logically isolated at the data layer. Brand-level isolation is enforced architecturally, meaning no customer's data can be accessed by, exposed to, or used to benefit any other customer. This applies to campaign data, operational decision data, connected platform credentials, and all AI-assisted outputs.
3. Encryption
All data transmitted to and from the AmpPilot platform is encrypted in transit using TLS 1.2 or higher. All data stored within our infrastructure is encrypted at rest using industry-standard encryption protocols. OAuth tokens and third-party platform credentials are stored with encryption and subject to strict access controls.
4. Infrastructure & Availability
AmpPilot is hosted on secure, enterprise-grade cloud infrastructure with built-in redundancy, automated monitoring, and availability controls. Our infrastructure providers maintain their own rigorous security certifications and compliance programs. We monitor platform health continuously and maintain internal procedures to respond to availability incidents promptly.
5. Audit Logs
AmpPilot maintains detailed audit logs of system actions, automated decisions, and user activity within the platform. Logs are retained for a defined period and are available to support incident investigation and compliance requirements.
6. Manual Override & Pause Controls
All automated actions within AmpPilot operate within constraints you define. You retain the ability to pause, override, or reverse automated actions at any time. No autonomous action can exceed the risk thresholds, budget caps, or approval rules you have configured.
7. Incident Response
AmpPilot maintains internal procedures for identifying, containing, and responding to security incidents. In the event of a confirmed breach affecting your data, we will notify affected customers promptly and in accordance with applicable law, provide clear information about what occurred and what data was affected, and take immediate steps to contain and remediate the incident.
8. Responsible Disclosure
If you discover a potential security vulnerability in the AmpPilot platform, we encourage responsible disclosure. Please report your findings to privacy@amppilot.com. We commit to acknowledging your report within 48 hours and working to address confirmed vulnerabilities promptly.
9. Security & Data Usage FAQ
Does AmpPilot train AI models on customer data?
No. Your data is never used to train, fine-tune, or improve any third-party or shared foundation model. Account-level learning may occur solely to improve your specific experience on the platform.
Is spend or performance data shared externally?
No. Operational decision data — including spend levels, budget constraints, risk thresholds, and conversion performance — remains strictly internal to your account environment and is never shared with any third party.
What data is sent to AI models?
AI models within AmpPilot may process publicly available brand and market context, content briefs and creative inputs you provide, and platform-level instructions and guardrails. AI models do not have access to your operational decision data, financial configuration, or connected platform credentials.
Who controls decisions?
All consequential decisions are made within the AmpPilot system under rules and thresholds you configure. AI assists with reasoning and content generation. It does not independently control spend, risk, or any action outside your defined parameters.
Can AmpPilot staff access my account data?
Only in limited, logged circumstances tied to a specific support or operational need, and only with appropriate internal authorization. Standing access to customer data is not permitted.
How are my connected platform credentials protected?
OAuth tokens and platform credentials are stored encrypted, subject to strict access controls, and used exclusively to provide the Service on your behalf. They are never shared with third parties and are deleted within 30 days of disconnection or account termination.
10. Contact
For security-related questions, vulnerability reports, or concerns:
AmpPilot Solutions
Email: privacy@amppilot.com
Last reviewed: February 24, 2026