SECURITY

Safeguarding your data is our top priority.

We adhere to stringent security measures to ensure the confidentiality, integrity, and availability of your information. Here's how we maintain the highest standards of security.

Security at a glance

Recital is architected from the ground up to safeguard sensitive customer data, especially from emails and documents.

    • Encryption in transit & at rest

    • Continuous security scans

    • Prompt patch management

    • Routine monitoring

    • Hosting on AWS and Heroku

    • Principle of least privilege

    • Consent required for humans to access your data

    • Customer data isolated at the database layer

    • Google CASA verified

    • SOC 2 compliance certification work is in progress

    • Hardware MFA for production

    • Security training and phishing exercises

    • Centralized access requests & revocations

Our security practices

Explore how we prioritize the protection of your data and ensure the integrity of our systems through comprehensive security measures.

Data storage & hosting

All data is stored on industry-leading platforms, specifically AWS and Heroku. Heroku also uses AWS infrastructure.

Code security & monitoring

Each commit undergoes human review and rigorous security analysis. We conduct weekly dependency upgrades and daily checks for security issues. Our systems are continuously monitored for security and reliability, with logs retained for 90 days.

Encryption

We encrypt all data in transit and at rest to prevent unauthorized access.

For encryption in transit, our systems enforce HTTPS everywhere and require TLS 1.2+.

At rest, all customer data is encrypted using the AES-256 encryption standard.

Staff security training & access control

All Recital staff undergo thorough security training, and we regularly conduct automated mock spear-phishing campaigns.

Access to systems follows the principle of least privilege, with access to production data limited to our operations team. Access requires hardware MFA keys.

Recital staff never look at customer data, except with the explicit permission of a customer. Any access by Recital staff is logged in an auditable format, including the identity of the staff member and the reason for access.

Certifications & compliance

Recital is Google CASA Certified. Work is underway to verify our compliance with SOC 2.

Hardware MFA and access control

Technical staff are issued hardware MFA tokens for secure authentication. Hardware MFA enforcement is implemented across all applications that support it. Access to systems and applications is centrally tracked, with requests and revocations subject to approvals. Access is promptly revoked for departing staff.

At Recital, we take security seriously to provide you with peace of mind.

Our commitment to robust security practices ensures that your data remains protected at all times. If you have any questions or concerns about our security measures, please don't hesitate to contact us.
