Security

Security is one of the biggest considerations in everything we do. If you have questions or concerns or encounter any issues, please let us know.

Security Audits

 

ReCollect conducts annual security audits with a third-party security auditor. To keep customer data as safe as possible, we make use of best-in-class security tools and modern software development practices to maintain a high level of security.

Kobalt found that ReCollect’s security program was at or above the expected levels of maturity as measured against the CIS Top 20 framework for an organization of its size in the areas of Information Security Policies, Security Controls, Secure Software Development Life Cycle and Incident Response Procedures.

Kobalt also performed a Cloud Audit on ReCollect’s AWS environment against the CIS benchmark for AWS.

 


 

HTTPS for secure connections

ReCollect forces HTTPS for all services using TLS (SSL), including our public website, web widgets, REST APIs and admin tools.

  • ReCollect widgets are served only over TLS.
  • ReCollect’s APIs are only available over TLS.

We use HSTS to ensure browsers interact with ReCollect only over HTTPS.

PGP

 

ReCollect has a PGP key to encrypt your communications with ReCollect, or to verify signed messages you receive from us.

Vulnerability Disclosure

Our security team rapidly investigates all reported security issues. If you believe you’ve discovered a bug in ReCollect’s security, please get in touch at security@recollect.net (optionally using our PGP key). We will respond as quickly as possible to your report. We request that you not publicly disclose the issue until it has been addressed by ReCollect.