Security & Data

Built to protect your data

How AmunCore secures every API channel, encrypts your credentials, and keeps your data under your control โ€” on your servers or ours.

Security is central to how AmunCore is designed. This page explains how your data is protected, where it lives, and how every API channel is secured. For enterprise or financial-sector evaluations, a detailed technical review is available on request.

Hosting model โ€” your data stays with you

AmunCore offers two deployment options, and in both cases we never copy, export, or store your database records. AmunCore acts as a controlled access layer in front of your data.

๐Ÿข

Self-hosted (on-premises)

Install AmunCore on your own servers, behind your own firewall. It connects to your databases using credentials you control. Your data never leaves your environment. Ideal for banks, enterprises, and regulated industries.

โ˜๏ธ

Managed cloud

Use our hosted platform with strict per-company isolation. Each company's applications, endpoints, and data are fully separated from every other company's.

How every API channel is secured

Whether a request arrives via REST, GraphQL, the AI/MCP channel, or a webhook delivery, the same protections apply:

ChannelHow it's protected
REST APIPer-application API key required on every request; parameterized queries; rate limiting; optional IP whitelisting; full audit logging.
GraphQLResolved by application ID + API key together; per-endpoint authentication; only explicitly exposed fields are queryable.
AI / MCPGated by a separate secret token (distinct from API keys); scoped to a single company; same audit logging; can be disabled entirely per company.
WebhooksPayloads signed with HMAC-SHA256 so receivers can verify authenticity and detect tampering; delivery attempts are logged.

Encryption

Authentication & access control

ControlDetail
Password securityPasswords hashed with BCrypt; never stored in plain text.
Two-factor authenticationOptional TOTP 2FA for dashboard logins, with one-time recovery codes and administrator reset.
Role-based accessSuperAdmin, Admin, Developer, and Viewer roles with scoped permissions.
Tenant isolationStrict per-company separation; one company can never access another's data.

Auditing & monitoring

Every API request is logged with its method, path, status code, response time, and source IP. Real-time analytics show usage, error rates, and latency. Webhook delivery attempts and outcomes are recorded for traceability.

SQL injection protection

All database access uses fully parameterized queries. User input is never concatenated into SQL, so injection is prevented at the architecture level โ€” across table endpoints, stored-procedure endpoints, and every supported database engine.

Honest roadmap

We believe in transparency during security reviews. The following are on our hardening roadmap and not all are implemented yet:

For regulated deployments, we recommend an on-premises installation combined with a joint security review with your team, so any controls required by your compliance framework can be addressed before go-live. Contact sales@amuncore.com.

This page is a summary for evaluation purposes and does not constitute a security warranty.

Powered by HYNOWorld

Product

Features Databases Pricing Create Account

Company

About Us Security & Data Contact

Legal

Privacy Policy Terms of Service

Contact

info@amuncore.com sales@amuncore.com +20 100 516 5421
ยฉ 2026 AmunCore ยท HYNOWorld. All rights reserved.