Last updated: March 29, 2026
AmpTagger is built with security in mind at every layer. This page describes how we protect your data, authenticate users, and handle sensitive information.
AmpTagger is hosted on Vercel, which maintains SOC 2 Type II compliance. All connections are encrypted with HTTPS/TLS, enforced automatically by the platform. There is no option to access AmpTagger over an unencrypted connection.
AmpTagger uses a multi-tenant architecture with per-organization data separation. All data is stored in Vercel Postgres, and every database query is scoped by organization ID. This ensures that one organization's data is never accessible to another.
AmpTagger supports two authentication methods:
Sessions are managed using JSON Web Tokens (JWT) signed with HS256. Tokens are stored in httpOnly, secure, and sameSite=lax cookies, which prevents access from client-side JavaScript and mitigates cross-site request forgery. Sessions expire after 7 days. Tokens contain only your user ID and organization ID — no personal information is stored in the token itself.
All payment processing is handled by Stripe, which is PCI DSS Level 1 compliant — the highest level of certification in the payments industry. AmpTagger never receives, stores, or has access to your credit card numbers, CVVs, or full billing details.
When you submit an article for analysis, its content is sent to the Anthropic Claude API for analysis and post generation. Per Anthropic's data policy, API inputs are not used to train their models. Article content is processed in transit and is not retained by AmpTagger beyond your active session.
If you discover a security vulnerability, please contact us at security@amptagger.com. We take all reports seriously and will respond promptly. Please allow us reasonable time to address the issue before disclosing it publicly.
We use cookies to analyze site usage and improve your experience. See our Cookie Policy for details.