How does Reftab keep my data secure?

At Reftab, protecting your data is our top priority. We’ve built multiple layers of security into our infrastructure, application, and operations to ensure your information remains safe, private, and always available.

Here’s an overview of the key measures we take to safeguard your data:

  • Trusted hosting provider: Reftab’s servers are hosted with DigitalOcean, a leading cloud infrastructure provider known for robust security and compliance.
  • SOC 2 Type II certified: Reftab maintains SOC 2 Type II certification, ensuring that our internal controls and systems meet rigorous industry standards. View our SOC compliance page here.
  • Secure, U.S.-based servers: All production servers run on regularly patched Linux distributions and are located in the United States.
  • Cloudflare protection: We use Cloudflare’s Web Application Firewall (WAF) and DDoS protection to detect, block, and mitigate threats in real time.
  • Firewalls and anti-virus monitoring: Comprehensive protection is in place to monitor and prevent unauthorized access.
  • Encrypted communication: All traffic between your browser, the mobile app, and our servers is secured with SSL encryption (SHA256 with RSA using 2048-bit keys).
  • Email security: We employ DKIM, SPF, and DMARC standards to protect against email spoofing and phishing.
  • Login protection: Accounts are locked after five failed password attempts to prevent brute-force attacks, and Two-Factor Authentication (2FA) is supported via Google Authenticator and similar apps.
  • Strict server access controls: Access to production systems is limited to authorized personnel via SSH keys, whitelisted IPs, and secure VPNs behind firewalls.
  • Strong password hashing: Passwords are stored as hashes, not encrypted; they are hashed using PBKDF2 with 600,000 iterations.
  • Secure API authentication: Our REST API uses HMAC authentication to verify the authenticity and integrity of API calls.
  • Payment data handled securely: Credit card information never touches Reftab servers. All payments are processed through Stripe, a PCI Level 1 Service Provider.
  • Session management: User sessions can be revoked at any time from the account security settings.
  • Advanced access controls: Role-Based Access Control (RBAC) lets administrators define granular user permissions, and IP restrictions can be enforced for additional protection.
  • Single Sign-On (SSO): SAML-based SSO ensures your organization’s password policies are enforced when logging in to Reftab.
  • Encrypted backups: Daily encrypted backups are taken and securely stored. Customers can also automate scheduled data exports for redundancy.

These measures work together to deliver enterprise-grade security while maintaining the simplicity and usability that Reftab is known for. Contact help@reftab.com for more information.
