The security of your data is our core commitment | Amélio
Data security

The security of your data is at the heart of our commitment

When you use Amélio, you entrust us with valuable information about your employees, your company culture and your operations. We are fully aware of this. Protecting this data means honouring that trust.

A promise of trust that goes further

Our approach is simple: security must not be an add-on, but a foundation. That is why we have built high protection standards into every dimension of our product, from development to hosting and day-to-day management.

Your data protected, here and everywhere

Your data is hosted on secure Azure servers located in Canada. But security at Amélio goes well beyond hosting.

All data is encrypted in transit and at rest, in line with the strictest industry standards. We have put rigorous processes in place at every step (from collecting data to deleting it) to ensure exemplary compliance:

  • Law 25 compliance seal (data protection, Quebec) Law 25Quebec
  • GDPR compliance seal (Europe) GDPREurope
  • PIPEDA compliance seal (Canada) PIPEDACanada
  • FIPPA compliance seal (Ontario) Ontario's privacy legislationFreedom of Information and Protection of Privacy Act – FIPPA
  • PIPA compliance seal (British Columbia and Alberta) Personal Information Protection Act (PIPA)British Columbia and Alberta

We regularly audit and adapt our practices to anticipate changing legal requirements and give every client peace of mind, wherever they are in Canada or around the world.

Read our privacy policy

Security validated by the highest standards

At Amélio, we do not settle for promises: our security commitment is validated by demanding international standards.

We are proud to be SOC 2 Type 2 certified, an independent recognition that attests each year to the seriousness of our practices, covering the security, confidentiality and availability of your data.

Our infrastructure and processes are regularly audited and tested by external experts to ensure our standards stay high. We apply these same requirements to all our technology vendors and partners, who are selected and assessed with the same level of rigour. All so you can move forward with peace of mind.

SOC 2 Type 2 certification (AICPA SOC) SOC 2 Type 2 certified

Protect, monitor, improve: every day, without exception

Our team continuously tracks the evolution of digital threats. We also work with external experts to test our systems, spot vulnerabilities and improve constantly. Our backup and monitoring procedures are rigorous, to ensure the resilience of your data even in unexpected situations.

And should an incident occur, however unlikely, we have a clear plan to act quickly, inform our clients and limit the impact. This plan is tested every year.

Limited and controlled access

At Amélio, only a small number of authorized employees can access client data, and only when it is necessary to deliver the service. Every employee completes security training, and all our processes are reviewed regularly to ensure they follow best practices.

Data access under control and monitoring

AI and security: transparency, fairness and trust guaranteed

At Amélio, artificial intelligence is never a black box. It acts as a trusted strategic copilot, designed and supervised according to rigorous and widely recognized standards (SOC 2, NIST AI RMF, AI Act), to ensure ethical, responsible and secure use.

Our guiding principles (fairness, transparency, confidentiality, robustness and explainability) are built into every interaction. Data remains hosted and encrypted within Amélio's secure environment, with no uncontrolled external sharing, in compliance with the GDPR and Law 25.

We apply strict control over training data, proactive bias detection, and advanced practices such as red teaming and source diversification to counter sophisticated attacks. Finally, our approach follows international best practices of Security by Design and Privacy by Design, so that innovation always goes hand in hand with trust.

Fairness Transparency Confidentiality Robustness Explainability

You stay in control

Security also means giving you the right tools to manage your account and your users. You can customize access, manage roles within your organization and, if you wish, integrate secure sign-in methods such as single sign-on (SSO).

You can also connect Amélio directly to your HRIS to simplify your day-to-day and strengthen your control. Learn more about integrating your HRIS.

We support you in managing data responsibly, with tools and guidance to respond to every request for deletion, access or portability, in line with your obligations and your employees' expectations.

Secure sign-in with two-factor authentication (2FA)
A committed company

No compromise on security

We make no compromise on security. It is not an option, it is a responsibility. Security is overseen at the highest level of our organization, under the responsibility of an executive committee member and fully integrated into Amélio's governance.

Our clients choose us for our expertise in engagement, but they also stay with us for our rigour, transparency and reliability.

Amélio team member at work
Let's talk security

A question about our practices?

Do you have questions about our practices or would you like to speak with our security lead? Write to us at [email protected]. We will be happy to answer you.