Security & privacy

How Rezi protects your data

An overview of the technical and organizational security measures Rezi uses to protect your account and guest data.

Updated June 10, 2026

Rezi handles sensitive data on your behalf: guest names and contact information, financial transactions, and private conversations. Protecting this data is a core responsibility we take seriously. This article outlines the security architecture and practices that govern how Rezi stores, transmits, and processes your data.

Encryption

All data in transit between your browser or app and Rezi's servers is encrypted using TLS 1.2 or higher. Data at rest in Rezi's databases is encrypted using AES-256, an industry-standard symmetric encryption algorithm. This means that even in the event of a database infrastructure compromise, raw data would not be readable without the encryption keys.

Infrastructure

Rezi runs on cloud infrastructure provided by major cloud providers with SOC 2 Type II and ISO 27001 certifications. Production databases are isolated in private networks with no direct public access. Application-level access controls ensure that each account's data is logically separated and cannot be accessed by other guests of the Rezi platform.

Access controls

Rezi employees follow the principle of least privilege: access to production systems is granted only to team members who require it for their job, and only to the minimum scope necessary. All production access is logged and audited. Engineers do not have routine access to customer data; any customer data access for support purposes requires explicit approval and is logged.

Authentication

Rezi uses Clerk for authentication, which provides industry-standard password hashing (bcrypt), session management, and multi-factor authentication. Passwords are never stored in plain text. Session tokens expire and are rotated on a regular schedule. Suspicious login patterns (new location, multiple failed attempts) trigger security alerts.

Rezi processes guest conversation data through AI models to generate responses. This processing is governed by data processing agreements with AI providers. We do not permit customer data to be used for model training. See our Privacy Policy for the full data processing details.

Incident response

Rezi maintains an incident response plan for security events. In the event of a data breach that affects customer data, we are committed to notifying affected customers within 72 hours of discovery, consistent with GDPR and other applicable notification requirements. Our security team monitors for anomalous activity 24/7 using automated detection systems.

Is Rezi SOC 2 certified?

Rezi is working toward SOC 2 Type II certification. If your organization requires SOC 2 as a vendor qualification, contact support@rezi-ai.com to discuss your timeline and requirements. We can share current security documentation and the certification timeline.

Does Rezi have a bug bounty program?

Yes. Rezi operates a responsible disclosure program. If you discover a security vulnerability, please email security@rezi-ai.com with details. Do not publicly disclose vulnerabilities before we have had an opportunity to investigate and remediate.

Where is my data stored geographically?

Rezi's primary data infrastructure is in the United States. If you have specific data residency requirements for compliance with GDPR or other regional regulations, contact support@rezi-ai.com to discuss whether Rezi can accommodate your requirements.
