Enterprise

Amba for Enterprise — built for compliance, scale, and procurement.

For Fortune 500 mobile teams and regulated industries. One backend, one contract — SOC2 Type II, BAA, GDPR data residency, dedicated tenant regions, SSO + SCIM, 99.95% SLA, named CSM, custom MSA. Annual prepay, Net-60 invoicing, procurement-portal friendly.

Talk to us Trust center
what's included

Twenty-one commitments — written down.

Every Enterprise contract ships with the controls below. Procurement, security, and legal can pre-review against your standard checklist before the first call.

Compliance
  • SOC2 Type II report
    Type II audit kickoff Q2 2026. Report available under NDA once issued. Trust services criteria: Security, Availability, Confidentiality.
  • BAA for HIPAA
    Executable Business Associate Agreement for covered entities and business associates.
  • GDPR data residency
    EU-only data plane available — customer data, backups, and derived telemetry stay in-region.
  • Sub-processor list with DPAs
    Named processors, executed Data Processing Agreements, and categories of data documented on the trust center.
Reliability
  • 99.95% contractual SLA
    Service credits stack to 100% of monthly fee for breaches below 99.0%. Higher tiers available.
  • Status page with 90-day history
    Public uptime, incident timeline, and post-mortem index.
  • Defined incident response
    SEV-1 acknowledged within 15 minutes; named on-call escalation; written RCA within 5 business days.
Isolation
  • Dedicated tenant region
    Choose US, EU, or APAC. Data, compute, and cache stay in-region — sub-processors included.
  • Per-customer encryption keys
    Customer-managed encryption keys (CMEK) and bring-your-own-key (BYOK) supported on dedicated tenants.
  • Network isolation
    Private-link ingress and egress, customer VPC peering, IP allowlists on the admin plane.
Identity
  • SSO — SAML and OIDC
    Okta, Azure AD, Ping Identity, Google Workspace, JumpCloud, OneLogin out of the box.
  • SCIM 2.0 provisioning
    Just-in-time user provisioning, automated deprovisioning on offboarding, group-to-role sync.
  • Custom JWT claims
    Inject identity-provider claims into end-user app sessions for downstream authorization.
Operations
  • 24/7 priority support
    Shared Slack or Teams channel, 15-minute SEV-1 response, dedicated escalation rotation.
  • Named Customer Success Manager
    Single point of contact for roadmap influence, quarterly business reviews, and feature requests.
  • White-glove migration
    Written cutover runbook, parallel-run support, documented rollback plan from your incumbent stack.
  • Quarterly business review
    Usage trend report, security posture update, roadmap preview, and renewal planning.
Procurement
  • Custom MSA + DPA
    Master Services Agreement and Data Processing Agreement negotiable through your legal team.
  • Net-60 ACH / wire
    Invoice billing on annual prepay terms. PO-referenced, W-9 and W-8BEN-E on file.
  • Annual contracts
    Single-year and multi-year terms with reserved-capacity discounts.
  • Vendor onboarding portals
    Coupa, SAP Ariba, Jaggaer supported — your AP team will not get stuck.
trust center

Everything your security team needs.

  • SOC2 Type II status — current report + scope statement.
  • Sub-processor list — named providers, executed DPAs, region of processing.
  • Security questionnaire — pre-filled CAIQ + SIG-Lite, returned in 48 business hours.
  • BAA / DPA / MSA templates — redline start points for your legal team.
  • Pentest summary letter — latest third-party penetration test cover sheet.
trusted by mobile teams at
Top-10 US bank
Fortune 500 retailer
Global healthcare provider
40M-member health plan
National telco
Top-5 insurance carrier

Anonymized under NDA. Named references available on request during evaluation.

contact

Talk to us.

One round of triage; one named contact within one business day; one scoped POC plan within five.

We respond within one business day. Your data is not used for marketing email lists.

frequently negotiated

What procurement always asks.

Do you have SOC2 Type II?

Audit kickoff Q2 2026 — we are in the observation window now. Report will be available under NDA once issued. Until then, we can share our current SOC2 readiness assessment and design-stage controls documentation under NDA — request via the intake form above. Trust services criteria: Security, Availability, Confidentiality.

Can we bring our own VPC / private link?

Yes, on dedicated tenant deployments. We support customer VPC peering, private-link ingress, and IP allowlists on the admin plane.

What is the data deletion timeline on contract termination?

30 days from termination. Certified destruction reports issued on request, with crypto-shredding evidence for encrypted backups.

GDPR / EU data residency?

Yes. The EU region runs an EU-only data plane — customer data, derived telemetry, and backups stay in-region. Sub-processors are documented per region.

What is your pricing floor?

Enterprise pricing is custom-fit to your scale, residency, and contract term. Most engagements start in the high-five-figures annually, with reserved-capacity and multi-year discounts available.

Trial or POC available?

Yes — a 30-day paid POC with a proof-of-architecture deliverable, scoped against your incumbent migration. Credits convert toward annual contract on close.

How do you handle LLM / AI exposure on customer data?

No customer data is used to train any LLM. The agent surface (MCP) is provisioning-only, sandboxed per project, and audit-logged. Prompt-injection controls are documented in the trust center.

ready when you are

One contract. One backend. Six fewer vendors.

Tell us the stack you're consolidating, the compliance posture you need, and your target go-live. We'll come back with a scoped POC plan.

Talk to us Trust center
start in 30 seconds

Hand the docs to your agent.
Ship by lunch.

Read the docs