Security at ReCollect

Security is one of the biggest considerations in everything we do. If you have questions or concerns, or encounter any issues, please let us know.

Security Audits

ReCollect conducts annual security audits with a third-party security auditor. This auditor is certified by the Information Systems Audit and Control Association (ISACA) as a Certified Information Systems Auditor, Certified in Risk and Information Systems Controls (CRISC), and Certified in the Governance of Enterprise IT (CGEIT). To keep customer data as safe as possible, we make use of best-in-class security tools and modern software development practices to maintain a high level of security.

HTTPS for secure connections

ReCollect forces HTTPS for all services using TLS (SSL), including our public website, web widgets, REST APIs and admin tools.
  • ReCollect widgets are served only over TLS.
  • ReCollect’s APIs are only available over TLS.
We use HSTS to ensure browsers interact with ReCollect only over HTTPS.

PGP

ReCollect has a PGP key that you can use to encrypt your communications with ReCollect, or to verify signed messages you receive from us.

Vulnerability Disclosure

Our security team rapidly investigates all reported security issues. If you believe you’ve discovered a bug in ReCollect’s security, please get in touch at security@recollect.net (optionally using our PGP key). We will respond as quickly as possible to your report. We request that you not publicly disclose the issue until it has been addressed by ReCollect.