Security at ReplyFront
Last updated April 19, 2026
We treat security as a feature, not a checkbox. This page summarises the safeguards we apply across infrastructure, application, and operations.
Infrastructure
- Dedicated Linux servers in modern data centers (Tier-3 or better).
- Network segmentation between web, worker, cache, and database tiers.
- UFW firewall and provider-level DDoS protection on public endpoints.
- Wildcard TLS certificates from Let's Encrypt, automatically renewed.
Application
- Argon2id password hashing with per-password salts.
- Stateless HMAC tokens for the embeddable widget; cookie-bound sessions for the dashboard.
- AES-256-GCM encryption at rest for all third-party API tokens stored in the database.
- CSRF protection on every state-changing form.
- Strict-Transport-Security, X-Content-Type-Options, Referrer-Policy, and CSP-friendly defaults.
- Role-based access control with full staff audit log.
Operations
- Encrypted nightly database backups with 30-day retention; periodic restore tests.
- Dependency monitoring with automated security advisories.
- Incident response runbook and 72-hour breach notification SLA.
- Principle of least privilege for staff access.
Vulnerability disclosure
Found a security issue? Please email [email protected] with details. We commit to acknowledging reports within 2 business days and to coordinating a fix and disclosure timeline with you. Please do not publicly disclose the issue until we have had a reasonable opportunity to remediate it.
Contact
Questions about this document? Email [email protected]. For data subject requests, write to [email protected].