Security

Your data security is our top priority. Learn how we protect your information and maintain the highest security standards.

Data Encryption

All data transmitted between your browser and our servers is encrypted using the industry-standard TLS 1.3 protocol. This ensures that your sensitive information remains private and secure during transit.

Data at rest is encrypted using AES-256 encryption, one of the strongest encryption standards available. This includes all customer data, payment information, and referral campaign details stored in our databases.

Key Security Features:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Encrypted database backups
  • Secure key management systems

Infrastructure & Hosting

Reflio is hosted on enterprise-grade cloud infrastructure with built-in redundancy, automatic failover, and 24/7 monitoring. Our infrastructure is designed to ensure maximum uptime and data availability.

Hosting

Tier 1 cloud providers with SOC 2 Type II certification

Monitoring

24/7 system monitoring and automated alerts

Backups

Automated daily backups with encryption

Uptime

99.9% uptime SLA guarantee

Access Controls

We implement strict access controls to ensure that only authorized personnel can access sensitive systems and data. All access is logged and monitored.

  • Role-based access control (RBAC) for all systems
  • Multi-factor authentication (MFA) required for all team members
  • Regular access reviews and audits
  • Principle of least privilege enforced
  • All administrative actions logged and monitored

Compliance & Standards

Reflio adheres to industry-standard security practices and compliance frameworks to protect your data and privacy.

GDPR Compliant

Full compliance with European data protection regulations, including data subject rights and data processing agreements.

CCPA Compliant

California Consumer Privacy Act compliance, giving users control over their personal information.

PCI DSS

Payment Card Industry Data Security Standard compliance through Stripe integration.

Vulnerability Disclosure Program

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly so we can address it quickly.

How to Report:

  1. Email cedric@pirax.app with details of the vulnerability
  2. Include steps to reproduce the issue if possible
  3. Allow us reasonable time to address the issue before public disclosure
  4. We will acknowledge receipt within 48 hours

Please do not: Publicly disclose the vulnerability before we've had a chance to address it, or access, modify, or delete data belonging to others.

Security Best Practices for Customers

While we work hard to keep our platform secure, security is a shared responsibility. Here are some best practices:

  • Use strong, unique passwords for your Reflio account
  • Enable two-factor authentication if available
  • Keep your API keys secure and never commit them to public repositories
  • Regularly review user access and permissions
  • Monitor your referral campaigns for suspicious activity
  • Keep your integration up to date with the latest security patches

Questions About Security?

If you have any questions or concerns about our security practices, please reach out.

cedric@pirax.app