Security & privacy

Your business data, locked down by design.

Amend was built security-first from day one โ€” every business's data is encrypted and cryptographically isolated, access is scoped to the person using it, and the AI only ever acts with your permission. Here's exactly how.

AES-256 encryption at rest Per-tenant isolation Role-based access Two-factor sign-in Encrypted backups
๐Ÿ”’

Encrypted at rest

Sensitive data is sealed with AES-256-GCM before it ever touches disk. A stolen database file is meaningless without the key.

  • A unique key is derived per business from a master secret
  • The master key lives only in the runtime โ€” never in our code
  • Each record is bound to its business, so it can't be moved between accounts undetected
๐Ÿข

One business can never see another

Isolation is enforced two ways at once: every query is scoped to your business, and one business's key can't decrypt another's data.

  • Row-level scoping on every read and write
  • Cryptographic separation on top โ€” defense in depth
  • Sign-up can't claim a name that's already taken by another business
๐Ÿ‘ค

Access scoped to the person

Owners, office managers, salespeople and field crew each see exactly what they should โ€” nothing more.

  • Least-privilege roles across the whole suite
  • Financials, documents and payments limited to the right roles
  • Enforced on the server โ€” not just hidden in the interface
๐Ÿค–

An AI that stays in its lane

Mend, your AI assistant, works within the exact same permissions as the person using it โ€” and pauses for your approval before anything leaves the building.

  • Sending invoices, payments and outreach need your one-tap approval
  • Approvals are cryptographically tied to the exact action proposed
  • Mend tells a user plainly when something is above their access โ€” it never guesses or leaks
๐Ÿ›ก๏ธ

Hardened sign-in

Getting into an account is the front door โ€” so we reinforced it.

  • Two-factor authentication and passkey sign-in
  • Automatic lockout on repeated failed attempts
  • Change your password and every other device is signed out instantly
๐Ÿ’พ

Your data is safe โ€” and yours

Encrypted, backed up automatically, and never sold.

  • Automated encrypted backups so your history is never lost
  • Export or delete your business's data at any time
  • We help you win work โ€” we never sell or expose your business

Security isn't a plan โ€” it's already running.

Everything on this page is live in the product today, on every plan, including the free one. There's no "enterprise security" upsell โ€” protecting your business is the baseline.

Get started free โ†’

Frequently asked

Is my data encrypted?

Yes โ€” sensitive data is encrypted at rest with AES-256-GCM using a key derived uniquely for your business. The key is never stored in our code.

Can Amend staff read my business data?

Your data is encrypted and isolated to your business. We build tools to help you win work; we never sell your data or expose it to other businesses.

Can my salesperson see the company books through the AI?

No. Mend enforces the same role limits as the app โ€” company financials are limited to owners, admins and the office manager, and Mend says so plainly rather than revealing anything.

What happens if an employee leaves?

Changing their access or resetting a password takes effect immediately โ€” their existing sessions are revoked, not left valid for hours.

Do you back up my data?

Yes โ€” automated, encrypted backups run on a schedule, and you can export or delete your data whenever you want.

Security is continuously reviewed and improved. Found something? Email [email protected].