Security at Reluup
Our security practices, controls, and infrastructure summary.
Compliance & Posture
- SOC 2-aligned controls
- Encryption in transit (TLS 1.2+) and at rest
- 99.9% uptime SLA target
- Audit logging on all sensitive operations
Application Security
- Role-based access control with workspace-level isolation
- Per-request authorization checks on every API endpoint
- CSRF protection via double-submit cookie
- Rate limiting on authentication and write endpoints
- Input sanitization and parameterized database queries
Infrastructure
- Hosted on Replit with managed PostgreSQL
- Automated backups with point-in-time recovery
- Separate development, staging, and production environments
- Continuous monitoring and error tracking via Sentry
Data Protection
- Encryption at rest (AES-256) and in transit (TLS)
- Customer data is logically isolated per workspace
- Sub-processors disclosed in our Privacy Policy
- Data export and deletion available on request
Responsible Disclosure
Found a vulnerability? Email security@reluup.io. We will acknowledge within 48 hours and work with you on disclosure.