Physical Security and Database Security
We run our product on world-class MS Azure cloud services, which are compliant with leading standards for privacy and information security. The data centers are protected by layers of defense-in-depth security that include perimeter fencing, video cameras, security personnel, secure entrances, and real-time communication networks. This multi-layered security model is in use throughout every area of the facility, including each physical server unit.
Access to the Reply production environment is limited to key members of the Reply engineering team. Access to the databases is restricted to a small, fixed set of IP addresses: those of the Reply Service and our development office.
We use SSL/HTTPS for all network connections. This is the most efficient security protocol for ensuring privacy and data integrity between communicating computer applications. We use strict firewall policies to keep our internal infrastructure secure.
Azure backs up the data every minute using incremental, encrypted backups. The backup data is stored in geo-replicated storage, which maintains six copies of your data across two Azure data centers.
Data Ownership and Privacy
All your data belongs to you. We use the data to provide services only and do not pass your data to third parties. We do not delete the data without giving you time to export it. We do not mine your data for advertising purposes.
Our application is protected against major security vulnerabilities including, but not limited to:
- SQL injection;
- XSS (cross-site scripting);
- authentication vulnerabilities;
- application setup vulnerabilities (to avoid known website backdoors), handled by professional DevOps engineers;
- sensitive data theft;
- CSRF (cross-site request forgery);
- other vulnerabilities (not disclosed for security reasons).
In May 2018, the GDPR (General Data Protection Regulation) becomes enforceable law in the EU. The Reply team is currently working to make sure that, in spring 2018, Reply will be compliant with the GDPR requirements. For additional information about the GDPR, see our blog article.