Enterprise-Grade Security

Your data security is our top priority. We implement industry-leading security measures to protect your business.

AES-256 Encryption
Secure Infrastructure
MFA Support
Audit Logging

Security Features

Every feature is built with security in mind, from data encryption to comprehensive audit trails.

Implemented

AES-256 Encryption

All sensitive data, including phone numbers, emails, and addresses, is encrypted at the application level using AES-256-GCM.

Implemented

TLS 1.3 in Transit

All data transmitted between your browser and our servers is protected with TLS 1.3 encryption.

Implemented

Multi-Factor Authentication

Protect your account with TOTP-based two-factor authentication. Require MFA for all team members.

Implemented

Comprehensive Audit Logs

Every sensitive action is logged with user, timestamp, IP address, and risk level for complete accountability.

Implemented

Data Retention Policies

Configure automatic data retention and deletion policies. Support for data erasure requests.

Implemented

PII Protection

Personally identifiable information is encrypted, hashed for searching, and can be anonymized on request.

Implemented

Row-Level Security

Database-level security ensures users can only access data belonging to their organization.

Implemented

Cookie Consent Management

Built-in cookie consent banner with preference management and consent logging for compliance.

Implemented

Data Portability

Export all your data in standard formats. Full support for data portability requirements.

Security Practices

We implement industry best practices to keep your data safe.

Data Encryption

Your data is encrypted at rest and in transit

  • AES-256 encryption
  • TLS/HTTPS connections
  • Encrypted backups
  • Secure key management

Access Control

Secure authentication and authorization

  • Multi-factor authentication
  • Role-based permissions
  • Session management
  • Secure password policies

Audit & Monitoring

Comprehensive logging and oversight

  • Activity audit logs
  • Security event tracking
  • Data access logging
  • Retention policies

Technical Implementation

Encryption at Rest

All PII (phone numbers, emails, addresses) is encrypted using AES-256-GCM with unique initialization vectors. Encryption keys are derived using scrypt key derivation.
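A sketch of what field-level encryption of this kind can look like in Node.js, covering the AES-256-GCM, unique-IV and scrypt points above and the "hashed for searching" point under PII Protection. This is an added example, not the vendor's code: the function names, the iv || tag || ciphertext storage layout, binding the field name as AAD, and the use of a keyed HMAC for the search hash are all assumptions, and the secret and salt are constructed values.

```javascript
const crypto = require('node:crypto');

// Assumption: one master secret and salt per deployment (constructed demo values).
const MASTER_SECRET = 'constructed-demo-secret-not-for-production';
const SALT = Buffer.from('constructed-demo-salt');

// scrypt stretches the secret to 64 bytes: 32 for AES-256, 32 for the search HMAC.
const derived = crypto.scryptSync(MASTER_SECRET, SALT, 64);
const ENC_KEY = derived.subarray(0, 32);
const INDEX_KEY = derived.subarray(32);

// Encrypt one field with a fresh 96-bit IV; IV reuse under one key breaks GCM.
// The field name is bound as AAD so a ciphertext cannot be moved between columns.
function encryptField(fieldName, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', ENC_KEY, iv);
  cipher.setAAD(Buffer.from(fieldName, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  // Stored form (hypothetical layout): iv || tag || ciphertext, base64-encoded.
  return Buffer.concat([iv, tag, ct]).toString('base64');
}

function decryptField(fieldName, stored) {
  const raw = Buffer.from(stored, 'base64');
  if (raw.length < 28) throw new Error('ciphertext too short');
  const iv = raw.subarray(0, 12);
  const tag = raw.subarray(12, 28);
  const ct = raw.subarray(28);
  const decipher = crypto.createDecipheriv('aes-256-gcm', ENC_KEY, iv, { authTagLength: 16 });
  decipher.setAAD(Buffer.from(fieldName, 'utf8'));
  decipher.setAuthTag(tag);
  // final() throws if the tag, ciphertext, IV or AAD does not match.
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Deterministic keyed hash so equality lookups work without decrypting rows.
function searchHash(fieldName, value) {
  const normalized = value.trim().toLowerCase();
  return crypto.createHmac('sha256', INDEX_KEY)
    .update(fieldName + '\0' + normalized)
    .digest('hex');
}
```

The search hash is deterministic by design, so it reveals which rows share a value; keeping its key separate from the encryption key limits what a leak of either one exposes.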

Encryption in Transit

All communications use TLS 1.3. API endpoints enforce HTTPS. WebSocket connections are secured with the WSS protocol.

Authentication

JWT-based authentication with automatic token refresh. Support for TOTP-based MFA via authenticator apps. Session management with configurable timeouts.

Audit Logging

All sensitive actions are logged with user ID, timestamp, IP address (hashed), user agent, and risk level. Logs are retained for 2 years by default.

Data Retention

Configurable retention policies per data type. Automatic anonymization or deletion based on policy. Support for immediate deletion requests.

Infrastructure Security

Built on trusted cloud infrastructure with multiple layers of protection.

Vercel

Edge network & hosting

Supabase

Database & auth

Twilio

Voice & messaging

Anthropic

AI processing

Security Questions?

Our team is here to answer any questions about our security practices or help with compliance requirements.