Security

Security at RepWave

Your data security is our top priority. Here's how we protect what matters most to your business.

SOC 2 Type II · ISO 27001 · GDPR Compliant · PCI DSS Level 1

Encryption

  • All data is encrypted in transit using TLS 1.3 — the latest and most secure transport protocol.
  • Data at rest is encrypted using AES-256, the same standard used by financial institutions.
  • Encryption keys are managed via AWS KMS with strict access control and automatic rotation.
  • Database backups are encrypted and stored in geographically distributed locations.

Infrastructure Security

  • Hosted on AWS with multi-region redundancy and a 99.9% uptime SLA.
  • All servers run inside private VPCs with no direct public internet access.
  • WAF (Web Application Firewall) protects against OWASP Top 10 threats in real time.
  • DDoS protection powered by AWS Shield Standard is enabled across all endpoints.
  • Automated vulnerability scanning runs continuously on all infrastructure components.

Access Control

  • Role-based access control (RBAC) ensures users only see data relevant to their role.
  • Multi-factor authentication (MFA) is required for all admin and production system access.
  • All privileged access sessions are logged, recorded, and regularly audited.
  • Zero-trust network architecture — no implicit trust, every request is verified.

Compliance & Audits

  • SOC 2 Type II audit conducted annually by an independent third-party auditor.
  • ISO 27001 certification demonstrates our commitment to information security management.
  • GDPR compliant with a designated Data Protection Officer and formal data processing agreements.
  • Penetration tests performed twice yearly by certified external security firms.

Incident Response

  • 24/7 security monitoring with automated alerting for anomalous activity.
  • Dedicated incident response team with defined escalation and communication procedures.
  • Affected customers are notified within 72 hours of a confirmed security incident.
  • Post-incident reviews and root cause analyses are shared with enterprise customers.

Responsible Disclosure

  • We welcome security researchers to responsibly disclose vulnerabilities.
  • Report issues to: [email protected] — we aim to respond within 48 hours.
  • Confirmed critical vulnerabilities are patched within 7 days.
  • We recognise researchers in our public Hall of Fame for significant findings.