All Collections
Getting Started
Security and privacy compliance
Security and privacy compliance

Find out how Reply works with sensitive data and how it is compliant with modern data requirements & regulations

Reply Team avatar
Written by Reply Team
Updated over a week ago

Physical Security and Database Security

We run our product on world-class MS Azure Cloud Services, which is compliant with leading standards for privacy and information security. The data centers are protected by layers of defense-in-depth security that include perimeter fencing, video cameras, security personnel, secure entrances, and real-time communication networks. This multi-layered security model is in use throughout every area of the facility, including each physical server unit.

Restricted Access

Access to the Reply production environment is limited to key members of the Reply engineering team. Access to the databases is provided only to the strict number of IP addresses. This includes the IP addresses of the Reply Service and our development office. 

Network Security

We use SSL/HTTPS for all network connections. This is the most efficient security protocol that ensures privacy and data integrity between communicating computer applications. We use strict firewall policies to keep our internal infrastructure secure. 

Data Recovery

Azure backs up the data every minute using incremental backups and encryption. The backup data is stored in geo-replicated storage, which maintains six copies of your data across two Azure datacenters.

Data Ownership and Privacy

All your data belongs to you. We use the data to provide services only and do not pass your data to third parties. We do not delete the data without giving you time to export it. We do not mine your data for advertising purposes.

Vulnerability Defense

Our application is protected against major security vulnerabilities including, but not limited to:

  • SQL injection;

  • XSS - Cross-site scripting;

  • Authentication vulnerabilities;

  • Application setup vulnerabilities (to avoid known website backdoors), handled by professional DevOps engineers.

  • Sensitive data theft;

  • CSRF (Cross-Site Request Forgery);

  • Other vulnerabilities (not disclosed due to security reasons).

Did this answer your question?