Security overview
What we encrypt, what we log, and how we keep your data safe.
By ReplyFront Team · Last updated June 5, 2026
At rest
- All API credentials (Shopify tokens, Meta tokens, OpenAI keys, Stripe keys) are AES-256-GCM encrypted with per-workspace keys.
- The MariaDB instance is hosted on a private VPC with disk encryption enabled.
- Daily off-server encrypted backups, restore-verified monthly into a sandbox database.
In transit
- TLS 1.2+ everywhere. HSTS preload, modern ciphers only.
- Wildcard certificate via Let’s Encrypt (DNS-01 with Cloudflare).
Authentication
- Argon2id password hashing.
- Email magic links via signed tokens.
- Optional TOTP MFA (in beta).
AI safety
- Prompt-injection guards on every customer turn.
- Strict mode prevents the AI from echoing system prompts or business secrets.
- Configurable allow/deny topic lists.
Compliance
GDPR-aligned. Data Processing Addendum available on request. Sub-processors are listed on our Sub-processors page.