At AMZ Football, we value the trust our users place in us to keep their data private and secure. This page provides transparency about our security measures and how we protect your valuable notes, projects, and ideas. Our dedicated security team works tirelessly to ensure the safety of your data, and we are committed to continuously improving and expanding our security capabilities.

Security Program

Our security team has a clear charter: to protect the data stored in our service. Our security program covers various focus areas, including product security, infrastructure controls (physical and logical), policies, employee awareness, intrusion detection, and assessment activities.

We have an in-house Incident Response (IR) program that guides our employees in reporting suspicious activities. Our IR team is well-equipped with procedures and tools to respond to security issues promptly. We continually evaluate new technologies to enhance our ability to detect and defend against attacks on our infrastructure, service, and employees.

We periodically assess our infrastructure and applications for vulnerabilities and promptly remediate any issues that may affect the security of customer data. Our security team continuously explores new tools to increase the coverage and depth of these assessments.

Network Security

We define our network boundaries using load balancers, firewalls, and VPNs to control the services exposed to the Internet and segment our production network from the rest of our computing infrastructure. Access to our production infrastructure is limited based on business needs, and we enforce strong authentication for access.

Account Security

At AMZ Football, we prioritize your account security. We never store your password in plaintext. Instead, we store it using PBKDF2 (Password-Based Key Derivation Function 2) with a unique salt for each credential. We carefully select the number of hashing iterations to strike a balance between user experience and password-cracking complexity.

We offer two-step verification (2SV) for all accounts, also known as two-factor or multi-factor authentication. Our 2SV mechanism is based on a time-based one-time password algorithm (TOTP). Users can generate codes locally using a mobile device application or choose to receive codes via text message, adding an extra layer of security to their accounts.

Product Security

Securing our Internet-facing web service is of utmost importance. Our security team drives an application security program to enhance code security hygiene and assesses our service periodically for common application security issues, including CSRF, injection attacks (XSS, SQLi), session management, URL redirection, and clickjacking.

All third-party client applications are authenticated using OAuth, providing a seamless and secure way to connect such applications to your account without sharing login credentials. Once you successfully authenticate with AMZ Futbol, we return an authentication token to the client for future access, eliminating the need for the application to store your username and password.

Client applications communicate with our service using a well-defined Thrift API for all actions. This enables us to establish authorization checks as a foundational construct in the application architecture. Each client's authentication token is checked upon each access to the service to ensure the client is authenticated and authorized to access specific notes or notebooks.

AMZ Football operates as a multi-tenant service, meaning your data may reside on the same servers as other users' data. However, we maintain strict customer segregation, ensuring that your data is private and inaccessible to other users unless you explicitly choose to share it.

Media Disposal and Destruction

We prioritize the secure erasure or destruction of all storage media that have ever been used to store user data. Our approach adheres to the guidelines provided in NIST Special Publication 800-88. For instance, when disposing of broken hard drives, we ensure their secure destruction, protecting any previously stored user data.

Storage Options and Encryption

We utilize various storage options in Google's Cloud Platform, such as local disks, persistent disks, and Google Cloud Storage buckets. To ensure data privacy, we leverage Google's cryptographic erasure processes, making sure that repurposing storage does not expose private customer data.

AMZ Football employs industry-standard encryption technology known as Transport Layer Security (TLS) or Secure Sockets Layer (SSL) to safeguard your data during transit. Additionally, we support HTTP Strict Transport Security (HSTS) for the AMZ Football service. Our commitment to data protection drives us to support a mix of cipher suites and TLS protocols, balancing strong encryption for modern browsers and clients with backward compatibility for legacy clients.

For both inbound and outbound emails, we support STARTTLS, which ensures that if your mail service provider supports TLS, your email will be encrypted in transit to and from the AMZ Futbol service.

Encryption at Rest

Customer data stored in the Google Cloud Platform benefits from Google's built-in encryption-at-rest features. Specifically, we employ Google's server-side encryption feature with Google-managed encryption keys, automatically and transparently encrypting all data at rest using AES-256.

Resiliency and Availability

AMZ Football operates a fault-tolerant architecture to ensure continuous availability when you need it most. Our physical data centers and cloud infrastructure boast diverse and redundant Internet connections, redundant network infrastructure (switches, routers, and firewalls), redundant application load balancers, redundant servers and virtual instances, and redundant underlying storage. Both our colocation vendor and Google provide fault-tolerant facility services, including power, HVAC, and fire suppression.

We diligently back up all customer content at least once daily, ensuring data safety and recovery in the event of any unforeseen incidents. Portable or removable media are not utilized for backups.

Physical Security

For our data centers, we maintain a private, locked cage equipped with 24x7x365 monitoring. Access to these data centers requires a minimum of two-factor authentication, and in some cases, may include biometrics as a third factor. Our data centers undergo SOC-1 Type 2 audits, demonstrating their ability to physically secure our infrastructure. Only authorized AMZ Football operations personnel and data center staff have physical access, and any access event is logged and video-recorded.

Our cloud services leverage Google Cloud Platform, which has undergone multiple certifications, attesting to its ability to physically secure AMZ Football's data. Google ensures a robust security environment, further enhancing data protection.