Security overview

What we encrypt, what we log, and how we keep your data safe.

By ReplyFront Team · Last updated June 5, 2026

At rest

  • All API credentials (Shopify tokens, Meta tokens, OpenAI keys, Stripe keys) are AES-256-GCM encrypted with per-workspace keys.
  • The MariaDB instance is hosted on a private VPC with disk encryption enabled.
  • Daily off-server encrypted backups, restore-verified monthly into a sandbox database.

In transit

  • TLS 1.2+ everywhere. HSTS preload, modern ciphers only.
  • Wildcard certificate via Let’s Encrypt (DNS-01 with Cloudflare).

Authentication

  • Argon2id password hashing.
  • Email magic links via signed tokens.
  • Optional TOTP MFA (in beta).

AI safety

  • Prompt-injection guards on every customer turn.
  • Strict mode prevents the AI from echoing system prompts or business secrets.
  • Configurable allow/deny topic lists.

Compliance

GDPR-aligned. Data Processing Addendum available on request. Sub-processors are listed on our Sub-processors page.