Skip to Content Skip to Footer

Amplify’s Subprocessors

This page provides the current list of third party service providers that Amplify engages to help us provide our services and may have access to Personal Information of our customers (“Subprocessors”) as outlined in Amplify’s Customer Privacy Policy.

How to get notified of changes

Please use the “Subscribe to Updates” functionality at the top of the page to receive emails from Amplify regarding updates to the list of Subprocessors and/or changes to the information provided on this page. Should you choose not to use this functionality to receive email notifications, it is our expectation that you check the link regularly for any updates.

Our commitments regarding Service Providers

All of the Subprocessors listed below have a legitimate need to access Personal Information in order to provide their service to Amplify as a part of Amplify’s provision of the services to our customers. With regard to Subprocessors, Amplify commits to:

  • Conduct due diligence on the data privacy and security measures of new Subprocessors before providing access to Personal Information and monitor on an annual basis thereafter. As part of this process, Amplify reviews the Subprocessor’s security documentation, practices, and posture to ensure alignment with Amplify’s information security program and standards;
  • Enter into a written agreement which requires at least the same level of protection for Personal Information and individuals as set out in Amplify’s Customer Privacy Policy and our agreements with customers, as applicable, before providing access to Personal Information;
  • Restrict the Subprocessor’s access to Personal Information to only what is necessary to fulfill our contractual obligations or as otherwise permitted under the agreements with our customers or under applicable data privacy laws; and
  • Remain liable for any processing of Personal Information carried out by Subprocessors to the same extent we would be liable if performing the services ourselves.

Subprocessors

Amplify’s Subprocessors of Personal Information are:

Subprocessor Purpose Location Student Data Educator Data
Amazon Web Services Cloud hosting services United States A large, light peach-colored checkmark on a transparent background.
 A large, light peach-colored checkmark on a transparent background.
Anthology (formerly Blackboard) Video conferencing and attendee tracking for tutoring services United States A large, light peach-colored checkmark on a transparent background.
 A large, light peach-colored checkmark on a transparent background.
Boomi, Inc. Data integration United States   A large, light peach-colored checkmark on a transparent background.
Datadog Performance and security monitoring United States A large, light peach-colored checkmark on a transparent background.
 A large, light peach-colored checkmark on a transparent background.
dbt Labs, Inc. Run database queries United States A large, light peach-colored checkmark on a transparent background.
 A large, light peach-colored checkmark on a transparent background.
Egnyte, Inc. Secure file exchange United States A large, light peach-colored checkmark on a transparent background.
 A large, light peach-colored checkmark on a transparent background.
Fivetran, Inc. Database loading United States A large, light peach-colored checkmark on a transparent background.
 A large, light peach-colored checkmark on a transparent background.
Gainsight, Inc. Customer support United States   A large, light peach-colored checkmark on a transparent background.
Google, LLC Cloud hosting services United States A large, light peach-colored checkmark on a transparent background.
 A large, light peach-colored checkmark on a transparent background.
Google, LLC (Looker) Data warehouse analytics United States A large, light peach-colored checkmark on a transparent background.
 A large, light peach-colored checkmark on a transparent background.
HubSpot Email delivery United States   A large, light peach-colored checkmark on a transparent background.
MongoDB, Inc. Database hosting United States A large, light peach-colored checkmark on a transparent background. A large, light peach-colored checkmark on a transparent background.
Salesforce Customer relationship management United States   A large, light peach-colored checkmark on a transparent background.
SchoolDay (formerly GG4L) Secure rostering United States A large, light peach-colored checkmark on a transparent background. A large, light peach-colored checkmark on a transparent background.
Snowflake, Inc. Database hosting United States A large, light peach-colored checkmark on a transparent background. A large, light peach-colored checkmark on a transparent background.
Talkdesk, Inc. Customer support United States   A large, light peach-colored checkmark on a transparent background.
Twilio, Inc. (Sendgrid) Email delivery United States A large, light peach-colored checkmark on a transparent background. A large, light peach-colored checkmark on a transparent background.

Updates

Date of Change Change Notes
October 10, 2025 Changed Blackboard to Anthology and GG4L to SchoolDay. Update MongoDB purpose. Added Datadog to the Students Subprocessor List. Created Educators Subprocessor List. Anthology and SchoolDay updated their corporate branding. Added list of Educator Data Subprocessors to clarify which partners process educator data.
June 14, 2024
 Removed Desmos Studio, PBC, Qualfon Data Services Group, LLC, and Zendesk, Inc. These partners and services are no longer used for customer support.
July 27, 2023
 Added Fivetran
September 15, 2022
 Corrected name of Desmos Studio, PBC.
July 21, 2022 Added Desmos Collective LLC, Google, MongoDB, Twilio, and Zendesk These services support Mathigon.org and Desmos Classroom
July 20, 2022 Added Qualfon Data Services Group, LLC
October 4, 2021 Added Blackboard, Inc.
July 26, 2021 Fishtown Analytics, Inc. renamed to dbt Labs, Inc.
June 17, 2021 Updated with data warehousing and roster services providers
May 28, 2021 Initial public posting.

Amplify announces new board member Michael Camuñez

Brooklyn, NY (October 21, 2020) – Amplify, a publisher of next-generation curriculum and assessment programs, announced today that it appointed a new board member, Michael Camuñez to its board of directors.

Camuñez serves as president and chief executive officer of Monarch Global Strategies LLC, a bi-national consulting firm providing strategic advice and advocacy to companies doing business in emerging economies, with a particular emphasis on Mexico and Latin America. Previously, Camuñez served as one of the nation’s leading commercial diplomats as the assistant secretary of commerce at the International Trade Administration, where he managed a global portfolio to help lead the U.S. government’s efforts to open new markets for U.S. goods and services. Prior to that, he also served as special counsel to the president at the White House.

“We are honored and excited to have Michael Camuñez join the board of Amplify,” said Amplify CEO Larry Berger. “His unique experience in political, legal, economic, and international worlds means he brings critical insight to our company as we continue growing and serving educators and students across the country and, in time, the globe.”

“Amplify’s mission to revolutionize education and expand access to learning through technology is not only exciting, it’s essential to help bridge the equity gap and accelerate learning for millions of children in the U.S. and around the world,” stated Camuñez. “I’m thrilled to be joining such an important endeavor with such a talented team.”

Camuñez joins Amplify’s existing board members: Russlynn Ali, CEO and co-founder, XQ Institute; Brad Powell, managing director, investments at the Emerson Collective; Margaret Spellings, president and CEO of Texas 2036; and Larry Berger, CEO at Amplify.

About Amplify
A pioneer in K–12 education since 2000, Amplify is leading the way in next-generation curriculum and assessment. Our core and supplemental programs in ELA, math, and science engage all students in rigorous learning and inspire them to think deeply, creatively, and for themselves. Our formative assessment products turn data into practical instructional support to help all students build a strong foundation in early reading and math. All of our programs provide teachers with powerful tools that help them understand and respond to the needs of every student. Today, Amplify serves seven million students in all 50 states. For more information, visit amplify.com.

Contact: media@amplify.com

More News

Amplify Desmos Math receives an all-green rating from EdReports

Amplify’s research-backed, curiosity-driven math program receives all-green scores across all three EdReport gateways

READ MORE

Slow but steady progress: new Amplify data show why middle-of-year literacy screening matters 

READ MORE

See All News

1. Service Overview

As a provider of technology solutions to schools, Amplify’s commitment to data privacy and security is essential to our organization. This overview of Amplify’s Information Security Program describes physical, technical and administrative safeguards Amplify implements to protect student data in our care.

Company profile

Amplify Education, Inc. (Amplify) is a privately held company founded in 2000 as Wireless Generation. Amplify’s products include curriculum and instruction, assessment and intervention, professional development services and consulting services for K-12 education.

Service hosting

Amplify leverages Amazon Web Services (AWS) as its cloud hosting provider. Within AWS, Amplify utilizes Virtual Private Clouds (VPCs), which provide an isolated cloud environment within the AWS infrastructure. External network traffic to a VPC is managed via gateway and firewall rules, which are maintained in source code control to ensure that the configuration remains in compliance with Amplify security policy. In addition, the production VPCs and the development VPCs are isolated from each other and maintained in separate AWS accounts.

2. Policies & standards

Information security program

Amplify maintains a comprehensive information security program based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework and the NIST SP 800-53 Rev. 5 family of information security controls. These provide a robust framework of best practices from which an organization can build its security policies and protocols based on identified risks, compliance requirements, and business needs. They cover critical practice areas, including access control, configuration management, incident response, security training, and other information security domains.

Governance

Amplify’s Information Security Committee has primary responsibility for the development, maintenance, and implementation of the Amplify information security program. The Information Security Committee is responsible for all information risk management activities within the company and is composed of technology, business and legal leaders from the organization. The Committee meets weekly and includes a dedicated VP of Information Security and a program manager to oversee, direct and coordinate its activities.

Policy execution

Adherence to the internal Amplify information security policy is an obligation of every Amplify employee. Amplify conducts a series of internal monitoring procedures to verify compliance with internal information security policies, and all Amplify employees undergo annual criminal background checks. In addition, any third-party contractors who come into contact with systems that may contain student data are contractually bound to maintain security and privacy of the data.

3. Data access controls

Access control

Amplify’s access control principles dictate that all student data we store on behalf of customers is only accessible to district-authorized users and to a limited set of internal Amplify users who may only access the data for purposes authorized by the district. Districts maintain control over their internal users and may grant or revoke access.

In limited circumstances and strictly for the purposes of supporting school districts and maintaining the functionality of systems, certain Amplify users may access Amplify systems with student data. All such access to student data by Amplify technicians or customer support requires both authentication and authorization to view the information.

Encryption

Data encryption is an important element of our protection of sensitive data at rest and in transit, and is reviewed and updated as appropriate annually, based on the latest standards and guidelines published by OWASP and NIST.

  • In transit: Amplify encrypts all student data in transit over public connections, using Transport Layer Security (TLS), commonly known as SSL, using industry-standard protocols, ciphers, algorithms, and key sizes.
  • At rest: Amplify encrypts student data at rest using the industry-standard AES-256 encryption algorithm.

4. Application security by design

Building the right roles into applications

Permissions within Amplify applications are designed on the principle that school districts control access to all student data. To facilitate this, Amplify applications are designed so that roles and permissions flow from the district to the individual user. For example, applications that offer schools a way to collect and report on assessment results have a web interface that requires district administrators to authorize individuals to view student data.

Security controls within applications are used to ensure that the desired privacy protections are technically enforced within the system. For example, if a principal is supposed to see only the data related to his or her school, Amplify ensures that, throughout the design and development process, our products restrict principals from seeing records for any students outside his or her school.

To make sure Amplify applications properly enforce permissions and roles, our development teams conduct reviews early in the design process to ensure roles and permissions are an essential component of the design of new applications.

Building security controls into applications

Amplify applications are also developed to minimize security vulnerabilities and ensure industry-standard application security controls are in place.

As part of the development process, Amplify has a set of application security standards that all applications handling student data are required to follow, including:

  • Student data is secured using industry standard encryption when in transit between end-users and Amplify systems.
  • Applications are built with password brute-force attack prevention.
  • User sessions expire after a fixed period of time.

We also conduct manual and automated static code analysis as well as dynamic application security testing to preemptively identify vulnerabilities published by industry leaders such as OWASP (Open Web Application Security Project)

5. Proactive security

Risk assessments

Amplify periodically engages a security consulting firm to conduct risk assessments, aimed at identifying and prioritizing security vulnerabilities. The Information Security Committee coordinates remediation of the vulnerabilities. The security consulting firm also provides ongoing advice on current risks and advises on remediation of vulnerabilities and incident response.

Penetration testing

Amplify engages third-party firms to continually conduct application penetration testing.  The purpose of this testing is to test for application security vulnerabilities in the production environment.  We work with third party penetration testing program partners. Third-party testing involves a combination of automated and manual testing.

Vulnerability management

Amplify ensures that its systems are free of known vulnerabilities in several ways. Every production server runs vulnerability detection software that compares the installed software against a global database of known vulnerabilities. Secondly, we employ real time network monitoring that reports on any potentially malicious traffic. In addition, a third-party security firm continually reviews all of our system logs for potential security breaches. Lastly we continually test our applications against common malicious internet traffic. Violations in any of these areas will alert one of our operations teams, who are available around the clock.

In addition, Amplify participates in a private bug bounty program through HackerOne, working with the security community to find security vulnerabilities and support our efforts to keep our data and systems safe and secure.

Endpoint security

Access to production systems at Amplify is restricted to a limited set of internal Amplify users to support technical infrastructure, troubleshoot customer issues, or other purposes authorized by the district. In addition, Amplify requires multi-factor (MFA) authentication methods for access to all production systems. MFA involves a combination of something only the user knows and something only the user can access. For example, MFA for administrative access could involve entering a password as well as entering a one-time passcode sent via text message to the administrator’s mobile phone. The use of MFA reduces the possibility that an unauthorized individual could use a compromised password to access a system.

Infrastructure security

Network filtering technologies are used to ensure that production environments with student data are properly segmented from the rest of the network. Production environments only have limited external access to enable customers to use our web interfaces and other services. In addition, Amplify uses firewalls to ensure that development servers have no access to production environments.

Other measures that Amplify takes to secure its operational environment include system monitoring to detect anomalous activity that could indicate potential attacks and breaches.

Security training

At Amplify, we believe that protecting student data is the responsibility of all employees. We implemented a comprehensive information security awareness training program that all employees  undergo upon initial hire, with an annual refresher training. We also provide information security training and annual social engineering tests for specific departments based on role.

6. Reactive security

Monitoring

Intrusion detection and prevention systems (IDS/IPS) are in place to analyze the network device logs, monitor the network and report anomalous activity for appropriate resolution.

Incident response

Amplify maintains a comprehensive Security Incident Response Policy Plan, which sets out roles, responsibilities and procedures for reporting, investigation, containment, remediation and notification of security incidents. Amplify works with reputable firms for incident response and digital forensics support, as well as annual table-top exercises in coordination with cybersecurity experts.

Business Continuity Planning and Disaster Recovery

Amplify maintains a comprehensive Business Continuity Planning and Disaster Recovery Plan (BCP/DR), to guide personnel in procedures to protect against business disruptions caused by an unexpected event. The plans and related operations processes are tested on a semiannual basis, with ensuing operations improvement and remediation work.

7. Compliance

Audits

In addition to penetration testing and other proactive security testing and monitoring outlined above, Amplify undergoes annual SOC 2 Type 2 examinations of controls relevant to security. The examination is formally known as a Type 2 Independent Service Auditor’s Report on Controls Relevant to Security. The most recent examination was conducted by Schellman & Company, LLC and covers the period from April 1, 2024–March 31, 2025. The report states that Amplify’s systems meet the criteria for the security principle and opine on management’s description of the organization’s system and the suitability of the design of controls to protect against unauthorized access, use, or modification.

The Type 2 report also opines on the operating effectiveness of controls over the review period. This means that our auditors confirmed that we have continued to follow established security controls over the period of time of the review.

Certifications

SOC 2: Amplify successfully completed the SOC 2 Type 2 examination of controls relevant to security (see above, under “Audits”).

Privacy

Amplify’s products are built to facilitate district compliance with applicable data privacy laws, including FERPA and state laws related to the collection, access and review and disclosure of student data. Amplify’s Customer Privacy Policy describes the types of information collected and maintained on behalf of our school district customers and limitations on use and sharing of that data.

8. Supporting documentation

In the course of customer security assessment, the following documentation can be provided by Amplify upon customers’ request:

  • Penetration Testing Report
  • Risk Assessment Report
  • SOC 2 Type 2 Report

9. Report a vulnerability

To report a security vulnerability, click here.

Season 10, Episode 10

From talk to text: How language skills shape reading success, with Charles Hulme, D.Phil., and MaryKate DeSantis

In this episode of Science of Reading: The Podcast, Susan Lambert is joined by emeritus professor of psychology and education at the University of Oxford, Charles Hulme, D.Phil.; and founder of Left Side Strong LLC, MaryKate DeSantis. They dive deep into the critical connection between oral language development and reading comprehension. Together, they also explore exactly what oral language development is, how to screen children for deficits in oral language abilities, and the most effective strategies educators can use for intervention.

Join Science of Reading: The Community to connect with fellow educators.

Two people, a man and a woman, appear in separate circular frames on a background featuring book, pencil, and lightbulb icons, highlighting language development and language skills.
Apple Podcasts badge with the purple Apple Podcasts logo and the text "Listen on Apple Podcasts" on a white background. Spotify logo with the text 'Listen on Spotify' inside a rounded rectangle on a white background.

Transcripts and additional resources:

Register to join our Science of Comprehension Symposium to unpack what it means for students to truly comprehend what they’re reading, and how to get them there
Submit your questions on comprehension
Access free, high-quality resources at our brand-new companion professional learning page
Connect with Charles Hulme, D.Phil., on LinkedIn
Learn more about Charles Hulme, D.Phil., and his research
Connect with MaryKate DeSantis on LinkedIn
Learn more about Left Side Strong LLC
Listen to our Science of Reading: The Podcast episode with Wesley Hoover, Ph.D.
Listen to our Science of Reading: The Podcast episode with Julie Van Dyke, Ph.D.
Listen to our Science of Reading: The Podcast episode with Tiffany Hogan, Ph.D.
Listen to Season 2 of Amplify’s Beyond My Years podcast
Join our community Facebook group
Read Perspectives on Language Spring 2025: Book Language: What It Is, How Children Can “Get It”
Connect with Susan Lambert
Read the transcript

Meet Our Guest(s):

A smiling older man with short gray hair poses in front of green plants, highlighting themes of language development. A lightbulb graphic and circular frame decorate the photo.

Charles Hulme, D.Phil.

Charles Hulme is emeritus professor of psychology and education at the University of Oxford. He has broad research interests in reading, language, and memory processes and their development; and is an expert on randomized controlled trials in education. He has published widely and is in the top 2% for citations of all researchers in the field of education. He holds an honorary doctorate from the University of Oslo (2014) and is a member of Academia Europea and a Fellow of the Academy of Social Sciences. He was also elected a Fellow of the British Academy in 2017.

A woman with short brown hair and a black turtleneck smiles at the camera. She is framed by a circular border with a blue book icon and orange decorative lines, hinting at her passion for reading success. Bookshelves are blurred in the background.

MaryKate DeSantis

MaryKate DeSantis is the founder of Left Side Strong LLC. Her experience working in a large urban school district as a special education teacher, reading specialist, and district-wide literacy coach has fueled her passion for translational research to ensure that all children receive evidence-based instruction. Her background in teaching reading sparked an interest in researching language, literacy, and developmental trajectories. She is a full-time faculty member in the Speech and Language Literacy Lab at MGH Institute of Health Professions, and is also an ongoing-research collaborator with the BRIDGES Lab at the Harvard Graduate School of Education.

She has also served as a clinician in the Neurology Department at Boston Children’s Hospital, is an adjunct professor at the Boston College Lynch School of Human Development, and is a Ph.D. student in educational psychology at the University of Connecticut.

Meet our host, Susan Lambert

Susan Lambert is chief academic officer of literacy at Amplify and host of Science of Reading: The Podcast. Throughout her career, she has focused on creating high-quality learning environments using evidence-based practices. Lambert is a mom of four, a grandma of four, a world traveler, and a collector of stories.

As the host of Science of Reading: The Podcast, Lambert explores the increasing body of scientific research around how reading is best taught. A former classroom teacher, administrator, and curriculum developer, she’s dedicated to turning theory into best practices that educators can put right to use in the classroom, and to showcasing national models of reading instruction excellence.

Person with short blonde hair, glasses, and earrings, wearing an orange jacket, smiling in front of a plain gray background—committed to literacy education and fostering background knowledge for all learners.

Quotes

“Reading comprehension is the process of taking the meaning from printed symbols on a page and translating them into a linguistic and cognitive code. It's making contact with the processes of language comprehension.”

—Charles Hulme, D.Phil.

“Language comprehension is really what leads us to reading comprehension.”

—MaryKate DeSantis

“We've got to start from the premise that reading is language. Without language, there would be no reading. Reading is a process that involves taking language in its written form and translating it back into its original form, which is spoken language.”

—Charles Hulme, D.Phil.

“If we go back in development, language skills appear to form the foundation for the ability to decode print, as well as the foundation for the ability to understand what is decoded.”

—Charles Hulme, D.Phil.

“Language skills are unconstrained, meaning the sky's the limit. As long as you continue to engage in any sort of way, your language skills can continue to develop throughout your lifetime.”

—Susan Lambert

“We talk about learning to read, but we also need to talk about reading to learn. A lot of what we learn in our lives is through reading, and reading is certainly a powerful driver of vocabulary and language development.”

—Charles Hulme, D.Phil.

“Focusing on language is worth the time. …  When we treat it as foundational, that's when we will give more students access to success.”

—MaryKate DeSantis

“If we want better readers, we have to grow better language users.”

—MaryKate DeSantis

Season 5, Episode 8

Utilizing AI as a teaching tool

Join Math Teacher Lounge as we continue our summer mini-series where we discuss how to utilize artificial intelligence (AI) as a teaching tool. In this episode, we sat down with educator Kristen Moore to discuss how she is using Chat GPT as a tool to revolutionize student learning and streamline lesson planning.

Listen today and don’t forget to grab your MTL study guide to track your learning and make the most of this episode!

A math teacher with long hair and earrings smiles at the camera, framed by a circular border with colorful triangle and cat patterns, against a backdrop of a whiteboard.

Meet Our Guest(s):

A woman with wavy brown hair and hoop earrings smiles at the camera in a classroom, whiteboards behind her filled with notes—capturing the welcoming spirit of a dedicated math teacher.

Kristen Moore

Kristen Moore is a veteran mathematics educator who believes that math class should be about more than just solving for x. Kristen enables students to grow in both their confidence and capabilities in the secondary math classroom, with real, relevant, and rigorous learning experiences. In her classroom, Kristen provides engaging mathematical experiences from projects to problem-based learning (PBL), turning students into problem solvers instead of calculators–and unlocking students’ potential to become problem solvers of the future. Kristen started her own company, called, Moore than Just X, LLC, and the Modern Math Teacher podcast, providing teachers with training and resources that bring authentic learning experiences to the math classroom. Through project-based learning, Kristen helps teachers focus on connecting students and standards, boosting engagement, and bringing life back to the math classroom.

Meet our hosts: Bethany Lockhart Johnson and Dan Meyer

Bethany Lockhart Johnson is an elementary school educator and author. Prior to serving as a multiple-subject teacher, she taught theater and dance, and now loves incorporating movement and creative play into her classroom. Bethany is committed to helping students find joy in discovering their identities as mathematicians. In addition to her role as a full-time classroom teacher, Bethany is a Student Achievement Partners California Core Advocate and is active in national and local mathematics organizations. Bethany is a member of the Illustrative Mathematics Elementary Curriculum Steering Committee and serves as a consultant, creating materials to support families during distance learning.

Dan Meyer taught high school math to students who didn’t like high school math. He has advocated for better math instruction on CNN, Good Morning America, Everyday With Rachel Ray, and TED.com. He earned his doctorate from Stanford University in math education and is currently the Dean of Research at Desmos, where he explores the future of math, technology, and learning. Dan has worked with teachers internationally and in all 50 United States and was named one of Tech & Learning’s 30 Leaders of the Future.

Two people smiling at the camera, each in a separate circular frame, with geometric shapes decorating the background—perfect for a math teacher lounge or highlighting fresh math teacher resources.

Transcripts and additional resources:

Tune in to Kristen’s podcast, Honest Math Chat.
Follow Kristen on Twitter
Read Kristen’s EduTopia article, “Using ChatGPT in Math Lesson Planning.”
Check out the High-Leverage Practices from TeachingWorks.
Follow Kristen on Instagram
Transcript

Quotes

“While AI is an amazing tool, you’ve really got to make sure that you are focusing in on your expertise as well, and saying, ‘How can I use this to make something better?’ and not just saying, ‘How can I use this to make something?’”

—Kristen Moore

Stay connected!