Security at ReCollect
Security is one of the biggest considerations in everything we do. If you have questions or concerns, or encounter any issues, please let us know.
ReCollect is audited by third party security auditor to keep customer data as safe as possible. We make use of best-in-class security tools and modern software development practices to maintain a high level of security.
HTTPS for secure connections
ReCollect forces HTTPS for all services using TLS (SSL), including our public website, web widgets, REST APIs and admin tools.
- ReCollect widgets are served only over TLS
- ReCollect’s APIs are only available over TLS.
We use HSTS to ensure browsers interact with ReCollect only over HTTPS.
ReCollect has a PGP key to encrypt your communications with ReCollect, or verify signed messages you receive from us.
Our security team rapidly investigates all reported security issues. If you believe you’ve discovered a bug in ReCollect’s security, please get in touch at firstname.lastname@example.org (optionally using our PGP key). We will respond as quickly as possible to your report. We request that you not publicly disclose the issue until it has been addressed by ReCollect.