Security at ReplyFront

Last updated April 19, 2026

We treat security as a feature, not a checkbox. This page summarises the safeguards we apply across infrastructure, application, and operations.

Infrastructure

  • Dedicated Linux servers in modern data centers (Tier-3 or better).
  • Network segmentation between web, worker, cache, and database tiers.
  • UFW firewall and provider-level DDoS protection on public endpoints.
  • Wildcard TLS certificates from Let's Encrypt, automatically renewed.

Application

  • Argon2id password hashing with per-password salts.
  • Stateless HMAC tokens for the embeddable widget; cookie-bound sessions for the dashboard.
  • AES-256-GCM encryption at rest for all third-party API tokens stored in the database.
  • CSRF protection on every state-changing form.
  • Strict-Transport-Security, X-Content-Type-Options, Referrer-Policy, and CSP-friendly defaults.
  • Role-based access control with full staff audit log.

Operations

  • Encrypted nightly database backups with 30-day retention; periodic restore tests.
  • Dependency monitoring with automated security advisories.
  • Incident response runbook and 72-hour breach notification SLA.
  • Principle of least privilege for staff access.

Vulnerability disclosure

Found a security issue? Please email [email protected] with details. We commit to acknowledging reports within 2 business days and to coordinating a fix and disclosure timeline with you. Please do not publicly disclose the issue until we have had a reasonable opportunity to remediate.

Contact

Questions about this document? Email [email protected]. For data subject requests, write to [email protected].