Compliance at ReCollect


ReCollect conducts annual security audits with a third party security auditor. This auditor is certified by the Information Systems Audit and Control Association (ISACA) as a Certified Information Systems Auditor, certified in Risk and Information Systems Controls (CRISC), and Certified in the Governance of Enterprise IT (CGEIT). To keep customer data as safe as possible, we make use of best-in-class security tools and modern software development practices to maintain a high level of security.

All of ReCollect’s services operate exclusively over TLS (SSL) by use of HTTP Strict Transport Security (HSTS). This includes our public website, web widgets, REST APIs and admin tools.

Our security team rapidly investigates all reported security issues. If you believe you’ve discovered a vulnerability in ReCollect’s security, please get in touch at (optionally using our PGP key). We will respond as quickly as possible to your report. We request that you not publicly disclose the issue until it has been addressed by ReCollect.

Read more about Security at ReCollect in our blog.


ReCollect conducts annual accessibility audits with a highly regarded, CPWA certified accessibility auditor. ReCollect’s web tools have been certified as conforming to the applicable Level A and Level AA success criteria of the W3C WCAG 2.1 Guidelines. ReCollect tools are designed for inclusion, and we believe that they should be easy to use by everyone, regardless of age or disability. Additionally, you can rest assured that providing ReCollect’s service to your residents or customers will not open you up to lawsuits under the many accessibility laws around the world.

ReCollect web tools have also been certified as compliant with Section 508 of the Rehabilitation Act of 1973. This is a law in the United States that requires federal agencies to meet a strict set of accessibility requirements. Additionally, many states also require compliance with Section 508, and the American Disability Act prohibits requires that all public websites are accessible to people with disabilities. Our Voluntary Product Accessibility Template® may be requested by emailing support@recollect.netRead more about Accessibility at ReCollect in our blog.


ReCollect is built using the principle of Privacy by Design. We only collect the minimal amount of information required to offer our service, and personal data is removed as quickly as reasonably possible once it is no longer needed. ReCollect complies with all applicable privacy laws in jurisdictions where it operates, including the GDPR in the European Union which came into effect on May 25, 2018. If you would like more details on our Privacy Policy or have any questions about ReCollect’s privacy practices, please contact our Data Protection Officer at privacy@recollect.netRead more about Privacy at ReCollect in our blog.