Security is one of the biggest considerations in everything we do. If you have questions or concerns or encounter any issues, please let us know.
ReCollect conducts annual security audits with a third party security auditor. This auditor is certified by Information Systems Audit and Control Association (ISACA) as a Certified Information Systems Auditor, certified in Risk and Information Systems Controls (CRISC), and Certified in the Governance of Enterprise IT (CGEIT). To keep customer data as safe as possible, we make use of best-in-class security tools and modern software development practices to maintain a high level of security.
HTTPS for secure connections
ReCollect forces HTTPS for all services using TLS (SSL), including our public website, web widgets, REST APIs and admin tools.
- ReCollect widgets are served only over TLS
- ReCollect’s APIs are only available over TLS.
We use HSTS to ensure browsers interact with ReCollect only over HTTPS.
ReCollect has a PGP key to encrypt your communications with ReCollect, or verify signed messages you receive from us.
Our security team rapidly investigates all reported security issues. If you believe you’ve discovered a bug in ReCollect’s security, please get in touch at firstname.lastname@example.org (optionally using our PGP key). We will respond as quickly as possible to your report. We request that you not publicly disclose the issue until it has been addressed by ReCollect.