How we protect your data and the infrastructure that powers AAMOS.
All API communications are encrypted using TLS 1.3. Older protocol versions are not accepted. Certificate management is automated via Let's Encrypt.
All stored data — including customer-submitted content and database records — is encrypted at rest using AES-256 via AWS KMS.
Production infrastructure access is restricted to named individuals via hardware MFA. Role-based access control enforces least-privilege throughout. All access is logged.
Infrastructure runs in isolated VPCs with no public inbound access except API endpoints. Security groups are managed as code and reviewed quarterly.
Annual third-party penetration tests are conducted by qualified security firms. Findings are tracked to remediation. Summaries available to enterprise customers on request.
A documented incident response procedure is maintained and tested bi-annually. All security incidents are reviewed post-closure and documented for improvement.
We operate a responsible disclosure program. We do not currently run a paid bug bounty, but we acknowledge and credit researchers who report valid vulnerabilities. See our responsible disclosure guidelines below.
If you discover a security vulnerability in AAMOS infrastructure or our API, please report it to us privately before public disclosure. We commit to:
Email: security@landvex.com
PGP key available on request. Please include a proof of concept and impact assessment.