How Rezi protects your data
An overview of the technical and organizational security measures Rezi uses to protect your account and guest data.
Rezi handles sensitive data on your behalf: guest names and contact information, financial transactions, and private conversations. Protecting this data is a core responsibility we take seriously. This article outlines the security architecture and practices that govern how Rezi stores, transmits, and processes your data.
Encryption
All data in transit between your browser or app and Rezi's servers is encrypted using TLS 1.2 or higher. Data at rest in Rezi's databases is encrypted using AES-256, an industry-standard symmetric encryption algorithm. This means that even in the event of a database infrastructure compromise, raw data would not be readable without the encryption keys.
Infrastructure
Rezi runs on cloud infrastructure provided by major cloud providers with SOC 2 Type II and ISO 27001 certifications. Production databases are isolated in private networks with no direct public access. Application-level access controls ensure that each account's data is logically separated and cannot be accessed by other guests of the Rezi platform.
Access controls
Rezi employees follow the principle of least privilege: access to production systems is granted only to team members who require it for their job, and only to the minimum scope necessary. All production access is logged and audited. Engineers do not have routine access to customer data; any customer data access for support purposes requires explicit approval and is logged.
Authentication
Rezi uses Clerk for authentication, which provides industry-standard password hashing (bcrypt), session management, and multi-factor authentication. Passwords are never stored in plain text. Session tokens expire and are rotated on a regular schedule. Suspicious login patterns (new location, multiple failed attempts) trigger security alerts.
Rezi processes guest conversation data through AI models to generate responses. This processing is governed by data processing agreements with AI providers. We do not permit customer data to be used for model training. See our Privacy Policy for the full data processing details.
Incident response
Rezi maintains an incident response plan for security events. In the event of a data breach that affects customer data, we are committed to notifying affected customers within 72 hours of discovery, consistent with GDPR and other applicable notification requirements. Our security team monitors for anomalous activity 24/7 using automated detection systems.
Is Rezi SOC 2 certified?
Does Rezi have a bug bounty program?
Where is my data stored geographically?